PT-2026-3002 · WordPress+1 · Kalium+1

Published 2026-01-15 · Updated 2026-01-15 · CVE-2025-12895

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Kalium 3 | Creative WordPress & WooCommerce Theme versions prior to 3.30

Description

The Kalium theme for WordPress is susceptible to unauthorized email sending. This is due to a missing capability check within the kalium_vc_contact_form_request() function. This flaw allows unauthenticated attackers to utilize the theme as an open mail relay, enabling them to send emails to arbitrary email addresses through the server.

Recommendations

Update to version 3.30 or later.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-12895

Affected Products

Kalium
WooCommerce