Arbitrary file upload in Themify Bloggie
CVE-2025-30996
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, T…
Vulnerability class: Unrestricted File Upload
EPSS: 0.004 (34.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Themify Bloggie — versions n/a
- Themify Photobox — versions n/a
- Themify Rezo — versions n/a
- Themify Slide — versions n/a
- Themify Edmin — versions n/a
- Themify Folo — versions n/a
- Themify Newsy — versions n/a
- Themify Sidepane Wordpress Theme — versions n/a
- Themify Wigi — versions n/a
Weakness classification (CWE)
References
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
- audit@patchstack.com (vdb-entry)
Frequently asked questions
- What is CVE-2025-30996?
- CVE-2025-30996 is a critical-severity vulnerability in Themify Bloggie, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.9/10. Published 2026-01-06.
- How severe is CVE-2025-30996?
- Critical severity. CVSS v3 base score is 9.9 out of 10.