Unrated severityNVD Advisory· Published Mar 14, 2025· Updated Apr 8, 2026

Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates

CVE-2025-2289

Description

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options.

Affected products

Zegen/Zegen - Church WordPress Themellm-create
Range: <=1.1.9
zozothemes/Zegen - Church WordPress Themev5
Range: 0
WordPress/Zegenwp-canonicalize

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

themeforest.net/item/zegen-church-wordpress-theme/25116823mitre
www.wordfence.com/threat-intel/vulnerabilities/id/a04db024-5198-490f-bf5f-d5bad1b21ce4mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000