Kallyas WordPress Theme Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability exists in the Kallyas WordPress theme, affecting all versions up to and including 4.24.0. The issue arises in the 'TH_PhpCode' page builder widget, where the theme fails to restrict access to the code editor for non-administrators. This oversight allows authenticated attackers with Contributor-level access or higher to execute code on the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where the affected WordPress site is hosted.
Remediation
No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected theme.
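To find affected installs, the script below (an added example, not part of the original advisory or the theme's code) scans a wp-content/themes directory and flags any Kallyas copy at or below 4.24.0. It assumes the theme identifies itself as "Kallyas" in its style.css Theme Name header or lives in a directory named kallyas; the sample tree it builds when run without arguments is constructed.

```python
import re, sys, tempfile
from pathlib import Path

AFFECTED_THEME = "kallyas"   # assumption: Theme Name header or directory slug, case-insensitive
LAST_AFFECTED = (4, 24, 0)   # advisory: all versions up to and including 4.24.0
# style.css metadata lines look like " * Version: 4.19.6" inside the header comment
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_headers(style_css):
    """Return {'theme name': ..., 'version': ...} from the top of a style.css."""
    # WordPress itself only reads the first 8 KiB of the file for headers.
    text = Path(style_css).read_bytes()[:8192].decode("utf-8", errors="replace")
    headers = {}
    for key, value in HEADER_RE.findall(text):
        headers.setdefault(key.lower(), value.strip())
    return headers

def parse_version(raw):
    """'4.24' -> (4, 24, 0); None when the string has no numeric component."""
    nums = [int(n) for n in re.findall(r"\d+", raw)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def audit_themes(themes_dir):
    """List Kallyas installs under a themes directory and whether each is affected."""
    findings = []
    for style in sorted(Path(themes_dir).glob("*/style.css")):
        headers = read_headers(style)
        names = {headers.get("theme name", "").lower(), style.parent.name.lower()}
        if AFFECTED_THEME not in names:
            continue
        version = parse_version(headers.get("version", ""))
        # A missing or unparseable version is reported as affected, not silently passed.
        affected = version is None or version <= LAST_AFFECTED
        findings.append({"path": str(style.parent), "version": version, "affected": affected})
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = Path(sys.argv[1])
    else:  # constructed sample tree so the script runs offline
        root = Path(tempfile.mkdtemp())
        for slug, name, ver in [("kallyas", "Kallyas", "4.19.6"),
                                ("twentytwentyfour", "Twenty Twenty-Four", "1.0")]:
            (root / slug).mkdir()
            (root / slug / "style.css").write_text(f"/*\n Theme Name: {name}\n Version: {ver}\n*/\n")
    for finding in audit_themes(root):
        print(finding)
```

Because the flaw is reachable from Contributor-level accounts, pair any hit with a review of which users hold Contributor or higher roles on that site.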
