Zegen
Monthly
Arbitrary file upload in the Zegen WordPress theme (versions 1.1.9 and earlier) lets a low-privileged authenticated user (Subscriber role) upload files without adequate type validation, enabling upload of executable PHP and full site compromise. The CVSS 3.1 base score is 9.9 with a scope change, reflecting that a minimally-privileged account can escalate to server-level code execution. Reported by Patchstack; no public exploit identified at time of analysis and it is not listed in CISA KEV.
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Arbitrary file upload in the Zegen WordPress theme (versions 1.1.9 and earlier) lets a low-privileged authenticated user (Subscriber role) upload files without adequate type validation, enabling upload of executable PHP and full site compromise. The CVSS 3.1 base score is 9.9 with a scope change, reflecting that a minimally-privileged account can escalate to server-level code execution. Reported by Patchstack; no public exploit identified at time of analysis and it is not listed in CISA KEV.
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.