CVE-2025-63060
CVE-2025-63060 concerns the WordPress Kallyas theme (versions up to 4.2). The connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in hogash Kallyas, affecting from n/a through
CVE-2025-63060 WordPress KALLYAS theme < 4.25.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery. This issue affects KALLYAS: from n/a through 4.25.0...
CVE-2025-63061 WordPress KALLYAS theme < 4.25.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash KALLYAS kallyas allows DOM-Based XSS. This issue affects KALLYAS: from n/a through 4.25.0...
CVE-2025-63061
The CVE describes a DOM-Based XSS in the WordPress Kallyas theme (hogash Kallyas) affecting versions up to and including 4.22.0, caused by improper neutralization of input during web page generation. The vulnerability enables cross-site scripting through the theme’s rendering process. The availab...
CVE-2025-62018
Missing Authorization vulnerability in hogash KALLYAS kallyas. This issue affects KALLYAS: from n/a through <= 4.22.0...
CVE-2025-62018
CVE-2025-62018 describes a Missing Authorization (broken access control) vulnerability in the KALLYAS WordPress theme up to version 4.22.0. Multiple connected sources (Red Hat, EUVD/ENISA, NVD, CVE list entries) corroborate that this is a theme-level issue affecting Kallyas releases through 4.22....
CVE-2025-62018 WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in hogash KALLYAS kallyas. This issue affects KALLYAS: from n/a through <= 4.22.0...
CVE-2025-62017 WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in hogash KALLYAS kallyas. This issue affects KALLYAS: from n/a through <= 4.22.0...
CVE-2025-62017
CVE-2025-62017: A Missing Authorization (Broken Access Control) vulnerability affects the hogash KALLYAS WordPress Theme up to version 4.22.0. Public documentation from Red Hat and NVD confirms a Missing Authorization issue in Kallyas, with impact described as unauthorized access. The vulnerabili...
CVE-2025-62016
CVE-2025-62016 corresponds to an Unrestricted Upload of File with Dangerous Type in the hogash Kallyas WordPress theme, affecting versions up to 4.22.0. The vulnerability is described as arbitrary file upload, with a high-impact CVSS 3.1 score (CRITICAL, network vector, no user interaction). Conn...
CVE-2025-62016 WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in hogash KALLYAS kallyas. This issue affects KALLYAS: from n/a through <= 4.22.0...
PT-2025-45293
Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas. This issue affects Kallyas: from n/a through <= 4.22.0...
WordPress Kallyas theme <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Theme KALLYAS (versions <= 4.23.0)...
WordPress Kallyas theme <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution vulnerability
Authenticated (Contributor+) Remote Code Execution vulnerability discovered by stealthcopter in WordPress Theme KALLYAS (versions <= 4.24.0)...
CVE-2025-6990
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...