{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4606", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-12T18:39:36.171Z", "datePublished": "2025-07-09T03:22:04.150Z", "dateUpdated": "2026-04-08T17:14:20.075Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:20.075Z"}, "affected": [{"vendor": "uxper", "product": "Sala - Startup & SaaS WordPress Theme", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}], "title": "Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve"}, {"url": "https://themeforest.net/item/sala-startup-saas-wordpress-theme/33843955?s_rank=4"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-620 Unverified Password Change", "cweId": "CWE-620", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Th\u00e1i An"}], "timeline": [{"time": "2025-07-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-09T14:29:03.169024Z", "id": "CVE-2025-4606", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T14:29:40.327Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4606", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-09T14:29:03.169024Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T14:29:12.838Z"}}], "cna": {"title": "Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Th\u00e1i An"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "uxper", "product": "Sala - Startup & SaaS WordPress Theme", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-08T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve"}, {"url": "https://themeforest.net/item/sala-startup-saas-wordpress-theme/33843955?s_rank=4"}], "descriptions": [{"lang": "en", "value": "The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-620", "description": "CWE-620 Unverified Password Change"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:20.075Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4606", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:14:20.075Z", "dateReserved": "2025-05-12T18:39:36.171Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-09T03:22:04.150Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}, {"lang": "es", "value": "El tema Sala - Startup &amp; SaaS para WordPress es vulnerable a la escalada de privilegios mediante el robo de cuentas en todas las versiones hasta la 1.1.4 incluida. Esto se debe a que el tema no valida correctamente la identidad del usuario antes de actualizar sus datos, como la contrase\u00f1a. Esto permite que atacantes no autenticados cambien las contrase\u00f1as de usuarios arbitrarios, incluyendo las de administradores, y aprovechen esta situaci\u00f3n para acceder a sus cuentas."}], "id": "CVE-2025-4606", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-09T04:16:09.823", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/sala-startup-saas-wordpress-theme/33843955?s_rank=4"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-620"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:19:47.291764+00:00", "value": {"mitigation_remediation": ["Update the Sala theme to a version newer than 1.1.4 that contains the fix for the privilege\u2011escalation bug.", "Replace or disable the theme\u2019s built\u2011in password reset capability with a vetted plugin that enforces correct authentication prior to any credential change.", "Enable audit logging for password changes and monitor logs for any unauthorized resets; consider enforcing two\u2011factor authentication on WordPress admin accounts."], "summary": {"action": "Immediate Patch", "impact": "Unauthenticated Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All installations of the Sala \u2013 Startup & SaaS WordPress Theme up to and including version 1.1.4 are affected. The issue originates from the theme package distributed via WordPress and ThemeForest, and any WordPress site using these versions may be vulnerable.", "description_and_impact": "The Sala - Startup & SaaS WordPress Theme contains a flaw that allows an attacker who does not have a valid user account to reset any user\u2019s password without authentication. The vulnerability arises because the theme does not validate the requester\u2019s identity before allowing a password change. This flaw enables full account takeover of administrators and any other users and therefore compromises confidentiality, integrity, and availability of the site\u2019s management functions.", "risk_and_exploitability": "The vulnerability has a CVSS score of 9.8, indicating a very high risk level. The EPSS score is below 1\u202f%, suggesting that, while technically possible, real\u2013world exploitation is currently rare. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the theme\u2019s password reset feature, where an unauthenticated visitor can trigger the reset mechanism and set a new password for any user account."}}}}, "created": "2026-04-20T22:30:19.867608+00:00", "updated": "2026-04-20T22:30:19.867622+00:00", "vendors": []}