15 matches found
CVE-2026-4804
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...
CVE-2026-4804 Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...
CVE-2026-4804
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...
EUVD-2026-41523
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...
CVE-2026-4804
The Zakra WordPress theme (
WordPress Zakra theme <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Zakra versions = 4.2.0...
WordPress Zakra Unauthorized Modification Vulnerability
WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...
CVE-2025-8595
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8595
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2025-32082 · WordPress · Zakra
Name of the Vulnerable Software and Affected Versions: Zakra versions prior to 4.1.6 Description: The Zakra theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the welcome notice import handler function. This allows authenticated attackers wit...
WordPress plugin Zakra 安全漏洞
WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...
WordPress Zakra plugin <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import vulnerability
Missing Authorization to Subscriber+ Demo Import vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Zakra versions = 4.1.5...
WordPress Zakra Theme <= 4.1.5 is vulnerable to Broken Access Control
Software Zakra Type Theme Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8595 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7c24beb6f4b4 Credits Dmitrii Ignatyev Required privilege...