CVE-2025-52739

CVE-2025-52739 affects WordPress Sala theme versions up to 1.1.3. The root cause is improper neutralization of input during web page generation, enabling Reflected XSS. Impact described in multiple feeds: reflected XSS affecting Sala from n/a through 1.1.3 with published CVSS 3.1 vector (AV:N/AC:...

CVE-2025-54709

CVE-2025-54709 is a Local File Inclusion vulnerability in the WordPress Sala theme (versions

CVE-2025-54709 WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6...

WordPress Sala Theme 1.1.4 Privilege Escalation

WordPress Sala Theme versions 1.1.4 and below are vulnerable to an unauthenticated privilege escalation vulnerability. This flaw allows unauthenticated attackers to reset passwords of arbitrary users — including administrators — by directly invoking an exposed AJAX endpoint without verifying the...

CVE-2025-52803 WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3...

CVE-2025-52803

CVE-2025-52803 corresponds to a Missing Authorization vulnerability in WordPress Sala theme (uxper Sala), affecting versions n/a through 1.1.3. The connected sources clearly describe an access control flaw where functionality is not properly constrained by ACLs, enabling improper access. The root...

WordPress Sala theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability

Unauthenticated Privilege Escalation via Password Reset/Account Takeover vulnerability discovered by Thái An in WordPress Theme Sala versions = 1.1.4...

WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions = 1.1.3...

CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...

CVE-2025-52826

CVE-2025-52826 affects the WordPress Sala theme (

CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...

WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions = 1.1.3...