Sala Startup & SaaS WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

A privilege escalation vulnerability allowing account takeover has been identified in the Sala - Startup & SaaS WordPress Theme, affecting all versions through 1.1.4. The vulnerability arises because the theme fails to properly validate a user's identity before allowing password changes. This flaw enables unauthenticated attackers to reset passwords for any user, including administrators, and gain unauthorized access to their accounts.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, leading to account takeover. This includes administrative accounts, which could be used to make further changes or cause additional harm on the site.

Added: Jul 9, 2025, 4:20 AM

Updated: Jul 9, 2025, 4:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sala Startup & SaaS WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating