Code Injection Vulnerability in Kalium Theme by Laborator
CVE-2025-49926
7.3 HIGH
What is CVE-2025-49926?
The Kalium theme by Laborator contains a code injection vulnerability caused by improper control of code generation. The flaw can lead to unauthorized code execution, compromising the integrity of the WordPress site. Affected versions are listed as n/a up to and including version 3.25. It is crucial for users to update their theme to mitigate the risk of exploitation.
Affected Version(s)
Kalium <= n/a
References
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)