16 matches found
CVE-2025-52739
CVE-2025-52739 affects WordPress Sala theme versions up to 1.1.3. The root cause is improper neutralization of input during web page generation, enabling Reflected XSS. Impact described in multiple feeds: reflected XSS affecting Sala from n/a through 1.1.3 with published CVSS 3.1 vector (AV:N/AC:...
CVE-2025-54709 WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6...
CVE-2025-54709
CVE-2025-54709 is a Local File Inclusion vulnerability in the WordPress Sala theme (versions
WordPress Sala Theme <= 1.1.6 is vulnerable to Local File Inclusion
Software: Sala; Type: Theme; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-54709; Patch priority: High; CVSS severity: High 8.1; PSID: 734caf3a58cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Sala Theme 1.1.4 Privilege Escalation
WordPress Sala Theme versions 1.1.4 and below are vulnerable to an unauthenticated privilege escalation vulnerability. This flaw allows unauthenticated attackers to reset passwords of arbitrary users — including administrators — by directly invoking an exposed AJAX endpoint without verifying the...
WordPress Sala Missing Authorization Vulnerability
WordPress Sala is a WordPress theme designed for startups, SaaS services, software technology and more. WordPress Sala suffers from a missing authorization vulnerability that an attacker can exploit to access functionality that is not properly constrained by ACLs...
CVE-2025-52803 WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52803 WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52803
CVE-2025-52803 corresponds to a Missing Authorization vulnerability in WordPress Sala theme (uxper Sala), affecting versions n/a through 1.1.3. The connected sources clearly describe an access control flaw where functionality is not properly constrained by ACLs, enabling improper access. The root...
WordPress plugin Sala Security Vulnerability
WordPress Sala is a WordPress theme designed for startups, SaaS services, software technology and more. WordPress Sala suffers from a missing authorization vulnerability that an attacker can exploit to access functionality that is not properly constrained by ACLs...
WordPress Sala theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability
Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability discovered by Thái An in WordPress Theme Sala versions <= 1.1.4...
WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions <= 1.1.3...
CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...
CVE-2025-52826
CVE-2025-52826 affects the WordPress Sala theme (
WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions <= 1.1.3...