20 matches found
CVE-2025-52739 WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Sala allows Reflected XSS. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52739
CVE-2025-52739 affects WordPress Sala theme versions up to 1.1.3. The root cause is improper neutralization of input during web page generation, enabling Reflected XSS. Impact described in multiple feeds: reflected XSS affecting Sala from n/a through 1.1.3 with published CVSS 3.1 vector (AV:N/AC:...
CVE-2025-52739 WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Sala allows Reflected XSS. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-54709
CVE-2025-54709 is a Local File Inclusion vulnerability in the WordPress Sala theme (versions
CVE-2025-54709 WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6...
CVE-2025-54709 WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Sala sala. This issue affects Sala: from n/a through <= 1.1.6...
WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sala versions <= 1.1.6...
WordPress Sala Theme <= 1.1.6 is vulnerable to Local File Inclusion
Software: Sala | Type: Theme | Vulnerable versions: <= 1.1.6 | Fixed in: 1.1.7 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2025-54709 | Patch priority: High | CVSS severity: High 8.1 | PSID: 734caf3a58cf | Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sala versions <= 1.1.3...
WordPress Sala Theme 1.1.4 Privilege Escalation
WordPress Sala Theme versions 1.1.4 and below are vulnerable to an unauthenticated privilege escalation vulnerability. This flaw allows unauthenticated attackers to reset passwords of arbitrary users — including administrators — by directly invoking an exposed AJAX endpoint without verifying the...
CVE-2025-52803 WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52803
CVE-2025-52803 corresponds to a Missing Authorization vulnerability in WordPress Sala theme (uxper Sala), affecting versions n/a through 1.1.3. The connected sources clearly describe an access control flaw where functionality is not properly constrained by ACLs, enabling improper access. The root...
CVE-2025-4606 Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it...
WordPress Sala theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability
Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability discovered by Thái An in WordPress Theme Sala versions <= 1.1.4...
WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions <= 1.1.3...
CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52826
CVE-2025-52826 affects the WordPress Sala theme (
CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...
WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions <= 1.1.3...
WordPress Sala Theme <= 1.1.3 is vulnerable to PHP Object Injection
Software: Sala | Type: Theme | Vulnerable versions: <= 1.1.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2025-52826 | Patch priority: High | CVSS severity: High 8.8 | PSID: 745dde376637 | Credits: Ann | Required privilege: Subscriber | Published: 23 June,...