Primary

Context

Zegen Church WordPress Theme Missing Authorization Vulnerability in AJAX Endpoints

Vulnerability

A vulnerability exists in the Zegen - Church WordPress Theme, all versions through 1.1.9, due to a lack of proper capability checks on several AJAX endpoints. This flaw allows authenticated attackers with Subscriber-level access and above to import, export, and modify theme options, thereby potentially disrupting the site's appearance or functionality.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in theme options, allowing attackers to alter the site's appearance or behavior.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected theme.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zegen Church WordPress Theme Missing Authorization Vulnerability in AJAX Endpoints

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating