CVE-2025-6989

Name of the Vulnerable Software and Affected Versions Kallyas versions prior to 4.21.1

Description The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font() function. Authenticated attackers possessing Contributor-level access or higher can exploit this issue to delete arbitrary folders on the server.

Recommendations Update Kallyas to version 4.21.1 or later.