Unauthorized Access Vulnerability in Zegen Church WordPress Theme by WordPress
CVE-2025-2289

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Zegen - Church WordPress Theme
Vendor: CVE Published:; 14 March 2025

Summary

The Zegen - Church WordPress Theme contains a vulnerability that permits unauthorized access through several AJAX endpoints due to insufficient capability checks. This oversight allows authenticated users, those with Subscriber-level access or higher, to manipulate theme settings, including importing, exporting, and updating configurations. This can potentially lead to significant alterations in the website's theme options without proper permissions.

Affected Version(s)

Zegen - Church WordPress Theme * <= 1.1.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/zegen-church-wordpress-theme...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Mar 13, 2025

Credit

Lucio Sá