CVE-2025-4606

Name of the Vulnerable Software and Affected Versions: Sala - Startup & SaaS WordPress Theme versions prior to 1.1.5

Description: The issue arises from the theme's failure to properly validate a user's identity before updating their details, such as the password. This allows unauthenticated attackers to change arbitrary users' passwords, including those of administrators, and gain access to their accounts.

Recommendations: For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to user account management features until a patch is available.