CVE-2025-6990 Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution

The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...

WordPress plugin kallyas 代码注入漏洞

WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. A code execution vulnerability exists in WordPress kallyas plugin, which stems from unrestricted non-administrator access to the code editor widget, and can be exploited by an attacker...