4 matches found
CVE-2025-4606
creationtimestamp| type| source ---|---|--- 2025-08-02 23:00:09+00:00| published-proof-of-concept| Telegram/q5mn87rSG6gtI0smEdxx6J-G64nS0ki-dVcfLGdhRjHxuoE 2025-08-03 03:00:05+00:00| published-proof-of-concept| Telegram/I2SzHYS-2X5tGNiLKp66oCYJvjCLqCM5NMA3TgqWPuEsY 2025-08-05 21:02:24+00:00| seen...
CVE-2025-4606 Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it...
CVE-2025-4606
The CVE-2025-4606 entry concerns the Sala - Startup & SaaS WordPress Theme and its vulnerability to unauthenticated privilege escalation. Affected versions are all up to 1.1.4, where the theme fails to properly validate a user’s identity before updating details such as passwords. This allows an u...
WordPress Sala Theme <= 1.1.4 is vulnerable to Privilege Escalation
Software Sala Type Theme Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2025-4606 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e358e6b6574a Credits Thái An Required...