PT-2025-36678 · WordPress · Goza - Nonprofit Charity WordPress Theme

Thái An · Published 2025-09-09 · Updated 2025-09-09 · CVE-2025-10134

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions through 3.2.2
Description: The Goza - Nonprofit Charity WordPress Theme is susceptible to arbitrary file deletion due to inadequate file path validation within the alone_import_pack_restore_data() function. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution if critical files, such as wp-config.php, are deleted.
Recommendations: Update Goza - Nonprofit Charity WordPress Theme to a version later than 3.2.2.
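
A common way to close this class of bug is to resolve the requested path and confirm it stays inside the one directory the feature is meant to manage. The PHP below is an added example, not the theme's code or its patch; the function names, the backups directory layout and the sample file names are assumptions.

```php
<?php
// Added example: hypothetical names, not the theme's code.

/** Resolve $requested to a real file inside $base_dir, or return null. */
function resolve_inside(string $base_dir, string $requested): ?string
{
    $base = realpath($base_dir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ".." and follows symlinks; false if the file is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Trailing separator so "/backups-old" is not accepted as "/backups".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

function delete_backup(string $base_dir, string $requested): bool
{
    // In a WordPress AJAX handler, check_ajax_referer() and
    // current_user_can() belong before this call.
    $target = resolve_inside($base_dir, $requested);
    return $target !== null && unlink($target);
}

// Constructed demo tree: a stand-in site root with a backups folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir("$root/backups", 0700, true);
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in\n");
file_put_contents("$root/backups/pack.zip", 'constructed');

// Request that points outside the backups folder.
var_dump(delete_backup("$root/backups", '../wp-config.php'));
var_dump(file_exists("$root/wp-config.php"));
// Request for a file that really is a backup.
var_dump(delete_backup("$root/backups", 'pack.zip'));

unlink("$root/wp-config.php");
rmdir("$root/backups");
rmdir($root);
```

The out-of-directory request is refused and the stand-in wp-config.php survives, while the request for pack.zip succeeds.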
