Lucene search
K

11 matches found

NVD
NVD
added last week7 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
CVE
CVE
added last week13 views

CVE-2026-4804

The Zakra WordPress theme (

6.4CVSS6.1AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added last week34 views

CVE-2026-4804 Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55517

Name of the Vulnerable Software and Affected Versions Zakra versions prior to 4.2.1 Description The Zakra theme for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the theme registers three post meta fields—zakra menu item color, zakra menu item hover color, and zakra...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/02 7:1 p.m.6 views

WordPress Zakra theme <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Zakra versions = 4.2.0...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/08 2:31 a.m.4 views

CVE-2025-8595

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS6AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2025/08/06 3:15 a.m.4 views

CVE-2025-8595

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/06 2:24 a.m.4 views

CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS6.1AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/06 2:24 a.m.7 views

CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS0.00221EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/05 12:0 a.m.5 views

WordPress Zakra Theme <= 4.1.5 is vulnerable to Broken Access Control

Software Zakra Type Theme Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8595 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7c24beb6f4b4 Credits Dmitrii Ignatyev Required privilege...

4.3CVSS6.2AI score0.00221EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder