WordPress · Goza - Nonprofit Charity WordPress Theme · CVE-2025-10690
**Name of the Vulnerable Software and Affected Versions**
Goza - Nonprofit Charity WordPress Theme versions prior to and including 3.2.2
**Description**
The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the `beplus import pack install plugin` function. This allows unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations, potentially leading to remote code execution.
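The checks whose absence the description reports, sketched as an added example for theme and plugin developers; this is not the Goza theme's code. The action name `example_install_pack_plugin`, the `package_url` and `nonce` request parameters, and the host allowlist are hypothetical.

```php
<?php
// Added example: hypothetical install handler, not code from the Goza theme.

// Hypothetical allowlist of hosts the importer may fetch plugin zips from.
const EXAMPLE_PACK_HOSTS = array( 'downloads.wordpress.org' );

// Registered for logged-in users only. There is deliberately no
// wp_ajax_nopriv_* hook, so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_install_pack_plugin', 'example_install_pack_plugin' );

function example_install_pack_plugin() {
	// 1. Capability check: only users allowed to install plugins may proceed.
	if ( ! current_user_can( 'install_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// 2. Nonce check: binds the request to an admin screen (CSRF defence).
	if ( ! check_ajax_referer( 'example_install_pack_plugin', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
	}

	// 3. Source check: HTTPS only, and only from an allowlisted host, so a
	//    caller cannot point the installer at an arbitrary remote zip.
	$url    = isset( $_POST['package_url'] ) ? esc_url_raw( wp_unslash( $_POST['package_url'] ) ) : '';
	$scheme = wp_parse_url( $url, PHP_URL_SCHEME );
	$host   = wp_parse_url( $url, PHP_URL_HOST );
	if ( 'https' !== $scheme || ! in_array( $host, EXAMPLE_PACK_HOSTS, true ) ) {
		wp_send_json_error( array( 'message' => 'Package source not allowed' ), 400 );
	}

	// 4. Hand the vetted URL to WordPress core's plugin installer.
	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
	$upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$result   = $upgrader->install( $url );
	if ( true !== $result ) {
		wp_send_json_error( array( 'message' => 'Install failed' ), 500 );
	}

	wp_send_json_success();
}
```

`wp_send_json_error()` ends the request, so each failed check stops execution before the installer is reached.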
**Recommendations**
Update Goza - Nonprofit Charity WordPress Theme to a version later than 3.2.2.