54 matches found
WordPress Kallyas Theme <= 4.23.0 is vulnerable to Cross Site Scripting (XSS)
Software Kallyas Type Theme Vulnerable versions <= 4.23.0 Fixed in 4.24.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-6988 Patch priority Low CVSS severity Low 6.5 Developer EPC PSID e0831bfa42ea Credits stealthcopter Required privilege Contributo...
WordPress Kallyas Theme <= 4.24.0 is vulnerable to Remote Code Execution (RCE)
Software Kallyas Type Theme Vulnerable versions <= 4.24.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2025-6990 Patch priority Medium CVSS severity Medium 8.8 Developer EPC PSID fef69fa1779b Credits stealthcopter Required privilege Contributor Published...
CVE-2025-6988
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-37432
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...
CVE-2025-6990
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...
CVE-2025-6988 Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-6988
CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions
CVE-2025-6990 Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...
CVE-2025-6990
CVE-2025-6990 affects the KALLYAS WordPress theme (
PT-2025-44720
Name of the Vulnerable Software and Affected Versions kallyas versions prior to 4.23.1 Description The kallyas theme for WordPress is susceptible to Stored Cross-Site Scripting through multiple shortcodes. Insufficient input sanitization and output escaping on user-supplied attributes allows...
PT-2025-44721
Name of the Vulnerable Software and Affected Versions kallyas versions prior to 4.24.0 Description The kallyas theme for WordPress is susceptible to Remote Code Execution through the TH PhpCode pagebuilder widget. The issue arises because the theme does not restrict access to the code editor widg...
WordPress KALLYAS theme < 4.25.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme KALLYAS versions < 4.25.0...
WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme KALLYAS versions <= 4.22.0...
EUVD-2025-22781
Malicious code in bioql PyPI...
EUVD-2025-22782
Malicious code in bioql PyPI...
WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by ? in WordPress Theme KALLYAS versions <= 4.22.0...
WordPress Kallyas theme <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability
Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions <= 4.21.0...