Wiguard: Unsecured Upload Allows Web Shell on Server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.9

Wiguard: Unsecured Upload Allows Web Shell on Server

CVE-2025-68549

Summary

An attacker can upload a malicious web shell to your Wiguard server, potentially allowing them to control your website and steal sensitive data. This issue affects all versions of Wiguard up to 2.0.1. Update to version 2.0.1 or later to fix this issue.

Original title

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.

Original description

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.

nvd CVSS3.1 9.9

Vulnerability type

CWE-434 Unrestricted File Upload

https://patchstack.com/database/Wordpress/Theme/wiguard/vulnerability/wordpress-...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026