Unrestricted File Upload Vulnerability in LiquidThemes LogisticsHub
CVE-2025-30933

10CRITICAL

Key Information:

Vendor: WordPress
Status: Logisticshub
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-30933?

The LiquidThemes LogisticsHub product is susceptible to an unrestricted file upload vulnerability that allows malicious users to upload dangerous file types, including web shells, to the server. This could result in unauthorized access and exploitation of the application, posing significant risks to the integrity and confidentiality of the hosted environment. Users of LogisticsHub versions up to 1.1.6 should take immediate steps to secure their installations against potential breaches by implementing strict file type validation and monitoring uploads.

Affected Version(s)

LogisticsHub <= 1.1.6

References

https://patchstack.com/database/wordpress/theme/logistics...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Frank (Patchstack Alliance)

WordPress

What is CVE-2025-30933?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit