Nutrie allows uploading a web shell to the web server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.9

Nutrie allows uploading a web shell to the web server

CVE-2025-68555

Summary

The Nutrie plugin for zozothemes has a security issue that allows an attacker to upload a malicious web shell to the web server. This means an attacker could potentially take control of the server. To protect your site, update Nutrie to version 2.0.1 or later.

Original title

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.

Original description

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.

nvd CVSS3.1 9.9

Vulnerability type

CWE-434 Unrestricted File Upload

https://patchstack.com/database/Wordpress/Theme/nutrie/vulnerability/wordpress-n...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026