Home / Vulnerability Intelligence / CVE-2025-68553

CVE-2025-68553 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: March 5, 2026

zozothemes Lendiz - Unrestricted File Upload

Published: March 5, 2026Updated: March 5, 2026Remote Exploitable

Overview

zozothemes Lendiz < 2.0.1 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 4.2%(Probability of exploitation in next 30 days)

Impact

Attackers can upload malicious web shells, leading to remote code execution and full server compromise.

Mitigation

Update to version 2.0.1 or later.

References

https://patchstack.com/database/Wordpress/Theme/lendiz/vulnerability/wordpress-lendiz-theme-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 5, 2026

🔴 CVE-2025-68553 - Critical (9.9) Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through < 2.0.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68553/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-68553
Severity: Critical
CVSS Score: 9.9
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 4.2%
Social Posts: 1

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.2%Probability of exploitation in the next 30 days