The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in

WORDPRESS

09-09-2025 06:20

CVE-2025-10134 Vulnerabilidad documentada

9.1 CRITICAL

Tags

#wordpress

#data

#wp

#server

#php

#config

#deletion

#attackers

#authenticated

#arbitrary

#vulnerable

#remote

#execution

#attack

Descripción

The Goza - Nonprofit Charity WordPress Theme theme for is vulnerable to arbitrary file deletion due insufficient path validation in the alone_import_pack_restore_data() function all versions up to, and including, 3.2.2. This makes it possible unauthenticated attackers delete files on server, which can easily lead remote code execution when right deleted (such as wp-config.php).

https://themeforest.net/item/goza-nonprofit-charity-wordpress-theme/23781575

https://www.wordfence.com/threat-intel/vulnerabilities/id/73efd9ad-9515-4ca8-bfb3-1d478f39c2b9?source=cve

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-10134

Resultados similares

Coincidentes en almenos en 50% de los tags

09-09-2025 CVE-2025-9542
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in...
Ver información

09-09-2025 CVE-2025-9539
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in...
Ver información