Lucene search
K

15 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-4804 Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41523

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-4804

The Zakra WordPress theme (

6.4CVSS6.1AI score0.00187EPSS
Exploits0References2
Patchstack
Patchstack
added last week5 views

WordPress Zakra theme <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Zakra versions = 4.2.0...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/08/12 12:0 a.m.1 views

WordPress Zakra Unauthorized Modification Vulnerability

WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...

4.3CVSS6.8AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/08 2:31 a.m.4 views

CVE-2025-8595

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS6AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2025/08/06 3:15 a.m.4 views

CVE-2025-8595

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/06 2:24 a.m.4 views

CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS6.1AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/06 2:24 a.m.7 views

CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.4 views

PT-2025-32082 · WordPress · Zakra

Name of the Vulnerable Software and Affected Versions: Zakra versions prior to 4.1.6 Description: The Zakra theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the welcome notice import handler function. This allows authenticated attackers wit...

4.3CVSS6.3AI score0.00221EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.3 views

WordPress plugin Zakra 安全漏洞

WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...

4.3CVSS6.7AI score0.00221EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/05 11:1 p.m.6 views

WordPress Zakra plugin <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import vulnerability

Missing Authorization to Subscriber+ Demo Import vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Zakra versions = 4.1.5...

4.3CVSS7AI score0.00221EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/08/05 12:0 a.m.5 views

WordPress Zakra Theme <= 4.1.5 is vulnerable to Broken Access Control

Software Zakra Type Theme Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8595 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7c24beb6f4b4 Credits Dmitrii Ignatyev Required privilege...

4.3CVSS6.2AI score0.00221EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder