CVE-2025-2519

Name of the Vulnerable Software and Affected Versions: Sreamit theme for WordPress versions prior to 4.0.2

Description: The issue is related to insufficient file validation in the st send download file function, allowing authenticated attackers with subscriber-level access or higher to download arbitrary files.

Recommendations: For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the st send download file function until a patch is available.