{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8595", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-05T13:56:34.374Z", "datePublished": "2025-08-06T02:24:11.563Z", "dateUpdated": "2026-04-08T16:51:32.455Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:32.455Z"}, "affected": [{"vendor": "themegrill", "product": "Zakra", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings."}], "title": "Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4da012dc-7e58-479a-813e-762eb28297bf?source=cve"}, {"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=281307%40zakra%2F4.1.6&old=276128%40zakra%2F4.1.5"}, {"url": "https://research.cleantalk.org/cve-2025-8595/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-08-05T13:58:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-06T13:40:16.547545Z", "id": "CVE-2025-8595", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T13:40:34.249Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8595", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-06T13:40:16.547545Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T13:40:24.442Z"}}], "cna": {"title": "Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "themegrill", "product": "Zakra", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.1.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-05T13:58:24.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4da012dc-7e58-479a-813e-762eb28297bf?source=cve"}, {"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=281307%40zakra%2F4.1.6&old=276128%40zakra%2F4.1.5"}, {"url": "https://research.cleantalk.org/cve-2025-8595/"}], "descriptions": [{"lang": "en", "value": "The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-08-06T02:24:11.563Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8595", "state": "PUBLISHED", "dateUpdated": "2025-08-06T13:40:34.249Z", "dateReserved": "2025-08-05T13:56:34.374Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-06T02:24:11.563Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings."}, {"lang": "es", "value": "El tema Zakra para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n welcome_notice_import_handler() en todas las versiones hasta la 4.1.5 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, importen la configuraci\u00f3n de la demo."}], "id": "CVE-2025-8595", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-06T03:15:27.900", "references": [{"source": "security@wordfence.com", "url": "https://research.cleantalk.org/cve-2025-8595/"}, {"source": "security@wordfence.com", "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=281307%40zakra%2F4.1.6&old=276128%40zakra%2F4.1.5"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4da012dc-7e58-479a-813e-762eb28297bf?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:39:56.115022+00:00", "value": {"mitigation_remediation": ["Update Zakra to version 4.1.6 or later, which includes the missing capability check.", "Remove the demo import capability from all non\u2011administrator roles by adding a filter or custom plugin that denies this capability to Subscribers and lower users.", "Restrict access to the demo import feature so that only administrators can use it, ensuring that non\u2011admin users cannot trigger the import function."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Data Modification"}, "threat_synthesis": {"affected_systems": "The affected installations are WordPress sites that use the Zakra theme, version 4.1.5 or earlier. All releases up to 4.1.5 inclusive share the flaw; sites that have upgraded to 4.1.6 or newer are no longer vulnerable.", "description_and_impact": "The vulnerability exists in the Zakra WordPress theme and is caused by a missing capability check in the welcome_notice_import_handler() function. Because the function does not verify that the caller has the required permissions, any authenticated user with Subscriber or higher roles can trigger the demo import. The result is that an attacker can change theme configuration and site settings, effectively modifying the appearance, widgets, and other options that belong to the theme. This constitutes unauthorized data modification and can undermine site integrity and serve as a foothold for further malicious activity once the configuration is altered.", "risk_and_exploitability": "The CVSS score of 4.3 indicates medium severity, and the EPSS score of less than 1% points to a low probability of exploitation at the present time. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires only that the attacker be an authenticated user with a Subscriber or higher role, so the attack vector is remote and credential\u2011dependent. Once such a user triggers the import, the demonstration settings overwrite existing theme options. The risk is mitigated by updating the theme or disabling the demo import capability for non\u2011administrators."}}}}, "created": "2025-08-06T07:50:25.958682+00:00", "updated": "2026-04-21T03:45:27.379522+00:00", "vendors": ["themegrill", "themegrill$PRODUCT$zakra", "wordpress", "wordpress$PRODUCT$wordpress"]}