Description
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Published: 2025-07-09
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Sala - Startup & SaaS WordPress Theme contains a flaw (CWE-620, Unverified Password Change) that lets an unauthenticated attacker set a new password for any user account. The theme accepts a password update without verifying that the requester is the account owner or holds a valid reset token, so the identity check that should gate a credential change is missing entirely. Because the attacker chooses the target account, administrators included, the result is full account takeover, which compromises the confidentiality, integrity and availability of the site's management functions (reflected in the CVSS vector's C:H/I:H/A:H).

Affected Systems

All installations of the Sala – Startup & SaaS WordPress Theme up to and including version 1.1.4 are affected. The flaw is in the theme package itself (distributed via ThemeForest and installed into WordPress), so any WordPress site running an affected version is exposed regardless of how the site is hosted.

Risk and Exploitability

The vulnerability has a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): network-reachable, low complexity, no privileges or user interaction required, and total impact. The EPSS score is below 1%, suggesting that real-world exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog; the SSVC assessment nevertheless rates it "Automatable: yes" with "Technical Impact: total". The attack vector is the theme's own password reset/update feature, where an unauthenticated visitor can trigger the reset and supply both the target account and the new password.

Generated by OpenCVE AI on April 20, 2026 at 22:19 UTC.
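
The handler shape behind this class of bug, with the two corrected forms beside it, as an added example. This is not the Sala theme's code (the advisory does not publish it); the demo_* action and function names are hypothetical, and the example assumes only WordPress core's AJAX, nonce, password-check and password-reset APIs. The point it shows is the one the analysis above makes: a password change must be bound to proof of the requester's identity, either a current session plus the current password, or a reset key that core e-mailed to the account owner.

```php
<?php
/*
 * Illustrative example, added here; NOT the Sala theme's code. The demo_*
 * names are hypothetical. Shows the CWE-620 pattern (password update with no
 * proof of who is asking) next to two hardened equivalents.
 */

/* ---- VULNERABLE pattern: nobody checks who is asking ---------------------- */
add_action( 'wp_ajax_nopriv_demo_update_password', 'demo_update_password_vulnerable' );
add_action( 'wp_ajax_demo_update_password',        'demo_update_password_vulnerable' );
function demo_update_password_vulnerable() {
    // Target account and new password both come from the request body, and the
    // nopriv registration means a logged-out visitor can reach this handler.
    $user_id  = absint( $_POST['user_id'] ?? 0 );
    $new_pass = (string) ( $_POST['password'] ?? '' );
    wp_set_password( $new_pass, $user_id ); // user_id=1 is usually the first admin
    wp_send_json_success();
}

/* ---- HARDENED 1: a logged-in user changes their OWN password -------------- */
add_action( 'wp_ajax_demo_change_password', 'demo_change_password_hardened' ); // no nopriv
function demo_change_password_hardened() {
    check_ajax_referer( 'demo_change_password', 'nonce' ); // CSRF check; dies on failure
    $user = wp_get_current_user();
    if ( 0 === (int) $user->ID ) {
        wp_send_json_error( 'authentication required', 401 );
    }
    $current  = (string) ( $_POST['current_password'] ?? '' );
    $new_pass = (string) ( $_POST['password'] ?? '' );
    // Identity proof: the caller must know the current password.
    if ( ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
        wp_send_json_error( 'current password incorrect', 403 );
    }
    if ( strlen( $new_pass ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }
    // The target is always the authenticated user, never a request parameter.
    wp_set_password( $new_pass, $user->ID );
    // Auth cookies embed a fragment of the password hash, so the old cookies are
    // now invalid; re-issue one for this session only.
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success();
}

/* ---- HARDENED 2: logged-OUT reset, identity proven by an e-mailed key ----- */
add_action( 'wp_ajax_nopriv_demo_reset_password', 'demo_reset_password_hardened' );
function demo_reset_password_hardened() {
    $login    = sanitize_user( (string) ( $_POST['login'] ?? '' ) );
    $key      = (string) ( $_POST['key'] ?? '' );
    $new_pass = (string) ( $_POST['password'] ?? '' );
    // check_password_reset_key() returns the WP_User only if $key matches the
    // unexpired token that core generated for that account (get_password_reset_key()
    // on the lost-password path) and e-mailed to the account's own address.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        wp_send_json_error( 'invalid or expired reset key', 403 );
    }
    if ( strlen( $new_pass ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }
    reset_password( $user, $new_pass ); // sets the password and clears the used key
    wp_send_json_success();
}
```

When auditing a theme or plugin for this bug class, grep for wp_set_password(), wp_update_user() with user_pass, and reset_password() and check what the surrounding handler requires: if the target user ID or login arrives in the request and nothing in the path calls wp_get_current_user(), check_password_reset_key() or an equivalent proof of identity, the handler is in the vulnerable shape above.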

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Sala theme to a release newer than 1.1.4 as soon as the vendor publishes one containing the fix. At the time of this analysis no fixed version or vendor workaround was listed here, so confirm in the vendor's changelog that the release actually addresses the password-change issue before treating the site as patched.
  • Until a fix is available, disable the theme's own password reset/update handler (or switch to a theme that does not carry it) and rely on WordPress core's lost-password flow, which ties every reset to a key e-mailed to the account owner and validates it with check_password_reset_key().
  • Enable audit logging for password changes and monitor for resets that no account owner initiated, in particular changes to administrator accounts from unauthenticated requests; enforce two-factor authentication on administrator accounts so that a changed password alone is not enough to log in.
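
The audit logging recommended above, as an added example of a must-use plugin (drop the file into wp-content/mu-plugins/). It is not part of the Sala theme or of OpenCVE; it assumes only WordPress core's after_password_reset, profile_update and wp_set_password action hooks (the last is an assumption that the site runs WordPress 6.2 or later, where wp_set_password() started firing it). Each log line records the target account, the acting account (0 means the request was unauthenticated, which is exactly the signature of this CVE) and the request origin.

```php
<?php
/**
 * Plugin Name: Password Change Audit Log (illustrative mu-plugin)
 *
 * Added example; not the Sala theme's code. The pwaudit_* names are hypothetical.
 * Writes one line per password change to the PHP error log (WP_DEBUG_LOG or the
 * server's error_log target) so a SIEM or log monitor can alert on it.
 */

function pwaudit_log( $event, $user_id ) {
    $actor  = wp_get_current_user(); // WP_User with ID 0 when nobody is logged in
    $target = get_userdata( (int) $user_id );
    $line   = sprintf(
        '[pw-audit] event=%s target_user=%d target_login=%s target_role=%s actor_user=%d ip=%s uri=%s',
        $event,
        (int) $user_id,
        $target ? $target->user_login : '-',
        $target && ! empty( $target->roles ) ? implode( ',', $target->roles ) : '-',
        (int) $actor->ID,                                     // 0 = unauthenticated request
        sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? '-' ),
        sanitize_text_field( $_SERVER['REQUEST_URI'] ?? '-' )
    );
    error_log( $line );
}

// Core's lost-password flow: fires from reset_password() after the change.
add_action( 'after_password_reset', function ( $user ) {
    pwaudit_log( 'password_reset', $user->ID );
} );

// wp_update_user()/wp_insert_user() on an existing user: detect a hash change
// by comparing the stored hash before and after the update.
add_action( 'profile_update', function ( $user_id, $old_user_data ) {
    $new = get_userdata( (int) $user_id );
    if ( $new && $old_user_data && $new->user_pass !== $old_user_data->user_pass ) {
        pwaudit_log( 'password_changed_via_profile_update', $user_id );
    }
}, 10, 2 );

// WordPress 6.2+ (assumption): wp_set_password() itself fires this action, which
// also catches direct calls like the one a vulnerable theme handler would make.
add_action( 'wp_set_password', function ( $password, $user_id ) {
    pwaudit_log( 'wp_set_password', $user_id );
}, 10, 2 );
```

A line such as `[pw-audit] event=wp_set_password target_user=1 target_login=admin target_role=administrator actor_user=0 ip=203.0.113.5 uri=/wp-admin/admin-ajax.php` (constructed illustration of the format, not a real log) is the pattern to alert on: an administrator's password changed by an unauthenticated actor through admin-ajax.php.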

Advisories
Source: EUVD
ID: EUVD-2025-20770
Title: The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
History

Tue, 15 Jul 2025 13:45:00 +0000

Metrics (epss): removed {'score': 0.00074}; added {'score': 0.00097}


Wed, 09 Jul 2025 15:15:00 +0000

Metrics (ssvc): added {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 03:45:00 +0000

Description: added "The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."
Title: added "Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover"
Weaknesses: added CWE-620
References: none listed
Metrics (cvssV3_1): added {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:14:20.075Z

Reserved: 2025-05-12T18:39:36.171Z

Link: CVE-2025-4606

Vulnrichment

Updated: 2025-07-09T14:29:12.838Z

NVD

Status : Deferred

Published: 2025-07-09T04:16:09.823

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-4606

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T22:30:19Z

Weaknesses