{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2289", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-13T16:31:13.634Z", "datePublished": "2025-03-14T05:24:02.910Z", "dateUpdated": "2026-04-08T17:12:11.179Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:11.179Z"}, "affected": [{"vendor": "zozothemes", "product": "Zegen - Church WordPress Theme", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options."}], "title": "Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a04db024-5198-490f-bf5f-d5bad1b21ce4?source=cve"}, {"url": "https://themeforest.net/item/zegen-church-wordpress-theme/25116823"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2025-03-13T16:37:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-14T13:43:41.523531Z", "id": "CVE-2025-2289", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T14:50:33.401Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2289", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-14T13:43:41.523531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T14:50:26.444Z"}}], "cna": {"title": "Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates", "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "zozothemes", "product": "Zegen - Church WordPress Theme", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-13T16:37:52.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a04db024-5198-490f-bf5f-d5bad1b21ce4?source=cve"}, {"url": "https://themeforest.net/item/zegen-church-wordpress-theme/25116823"}], "descriptions": [{"lang": "en", "value": "The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:11.179Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2289", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:12:11.179Z", "dateReserved": "2025-03-13T16:31:13.634Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-14T05:24:02.910Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zozothemes:zegen:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "28B076E8-1D8F-424E-92EC-A3282077777E", "versionEndIncluding": "1.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options."}, {"lang": "es", "value": "El tema Zegen - Church WordPress Theme para WordPress es vulnerable a accesos no autorizados debido a la falta de comprobaci\u00f3n de capacidad en varios endpoints AJAX en todas las versiones hasta la 1.1.9 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, importar, exportar y actualizar las opciones del tema."}], "id": "CVE-2025-2289", "lastModified": "2025-03-21T15:03:12.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-14T06:15:25.230", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themeforest.net/item/zegen-church-wordpress-theme/25116823"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a04db024-5198-490f-bf5f-d5bad1b21ce4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:55:24.828784+00:00", "value": {"mitigation_remediation": ["Update the Zegen - Church WordPress Theme to the latest released version that includes the missing capability check.", "If an update is not immediately available, restrict Subscriber-level users from accessing the WordPress administrative area or remove the AJAX endpoints temporarily via custom code or a security plugin.", "Audit all theme options for unexpected changes and restore any configurations that have been tampered with.", "Monitor site logs for unusual activity on theme\u2011related AJAX endpoints and keep an eye on any future updates from zozothemes that address this flaw."], "summary": {"action": "Patch", "impact": "Unauthorized theme option manipulation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Zegen - Church WordPress Theme delivered by zozothemes. All releases up to and including version 1.1.9 are impacted, including any WordPress site that has installed these versions of the theme.", "description_and_impact": "The Zegen - Church WordPress Theme contains a missing capability check on several AJAX endpoints. This flaw allows any authenticated user with Subscriber-level access or higher to import, export, and update theme options. The weakness corresponds to CWE-862, lacking proper authorization enforcement. An attacker can import, export, and update theme options.", "risk_and_exploitability": "The CVSS score of 4.3 places this issue in the moderate severity range, indicating that while it does not enable full code execution, it grants significant administrative control over theme configuration. The EPSS score of less than 1% shows a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be an authenticated user; an attacker must first obtain legitimate login credentials or a session cookie to benefit from the missing authorization. Once authenticated, the attacker can exploit the unprotected AJAX endpoints to alter theme options."}}}}, "created": "2026-04-22T02:00:05.039615+00:00", "updated": "2026-04-22T02:00:05.039625+00:00", "vendors": []}