9 matches found
WordPress Zakra Unauthorized Modification Vulnerability
WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...
CVE-2025-8595
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8595
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2025-32082 · WordPress · Zakra
Name of the Vulnerable Software and Affected Versions: Zakra versions prior to 4.1.6 Description: The Zakra theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the welcome notice import handler function. This allows authenticated attackers wit...
WordPress plugin Zakra 安全漏洞
WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...
WordPress Zakra plugin <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import vulnerability
Missing Authorization to Subscriber+ Demo Import vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Zakra versions = 4.1.5...
WordPress Zakra Theme <= 4.1.5 is vulnerable to Broken Access Control
Software Zakra Type Theme Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8595 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7c24beb6f4b4 Credits Dmitrii Ignatyev Required privilege...