Kallyas WordPress Theme Arbitrary Folder Deletion Vulnerability

Vulnerability

A vulnerability allowing authenticated users with Contributor-level access and above to delete arbitrary folders on the server has been identified in the Kallyas theme for WordPress. This issue arises from inadequate file path validation in the delete_font() function, affecting all versions through 4.21.0.
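A path containment check of the kind the description says was inadequate, shown as an added example in PHP. It is not the Kallyas code or the 4.22.0 patch; the function name resolve_font_dir, the fonts root and the sample folder names are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Kallyas code: containment check to run before a recursive folder delete.
// resolve_font_dir() and the directory names below are hypothetical, constructed for this demo.

function resolve_font_dir(string $fontsRoot, string $requested): ?string
{
    // Accept a single folder name only: no separators, no dot segments, no NUL bytes.
    if ($requested === '' || $requested === '.' || $requested === '..'
        || strpos($requested, '/') !== false
        || strpos($requested, '\\') !== false
        || strpos($requested, "\0") !== false) {
        return null;
    }
    $root = realpath($fontsRoot);
    if ($root === false) {
        return null;
    }
    $candidate = $root . DIRECTORY_SEPARATOR . $requested;
    // Refuse symlinks so the delete cannot be redirected outside the root.
    if (is_link($candidate)) {
        return null;
    }
    $real = realpath($candidate);
    // The canonical path must be an existing directory whose parent is exactly the root.
    if ($real === false || !is_dir($real) || dirname($real) !== $root) {
        return null;
    }
    return $real;
}

// Constructed sample tree in the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fontdemo_' . bin2hex(random_bytes(4));
mkdir($base . '/fonts/my-icons', 0700, true);
mkdir($base . '/uploads', 0700, true);

// Each name is checked only; nothing is deleted by this demo.
foreach (['my-icons', '../uploads', '..', 'my-icons/../../uploads', 'missing'] as $name) {
    $ok = resolve_font_dir($base . '/fonts', $name);
    printf("%-26s => %s\n", $name, $ok === null ? 'rejected' : 'allowed');
}

// Clean up the demonstration tree.
rmdir($base . '/fonts/my-icons');
rmdir($base . '/fonts');
rmdir($base . '/uploads');
rmdir($base);
```

Only a name that resolves to an existing direct child of the fonts root is returned, so a delete routine that acts solely on this return value cannot reach a folder outside that root.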

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of folders on the server, potentially causing loss of data or disruption of service.

Remediation

Users are advised to update to version 4.22.0 or a newer patched version.

Added: Jul 26, 2025, 8:17 AM
Updated: Jul 26, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 5.2
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.