VYPR

Kalium

by WordPress

CVEs (5)

  • CVE-2025-49926HigOct 22, 2025
    risk 0.47cvss 7.2epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25.

  • CVE-2025-53349HigNov 6, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laborator Kalium kalium allows Reflected XSS.This issue affects Kalium: from n/a through <= 3.18.3.

  • CVE-2025-12895MedJan 15, 2026
    risk 0.34cvss 5.3epss 0.00

    The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for…

  • CVE-2025-53348MedSep 9, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalium: from n/a through <= 3.18.3.

  • CVE-2025-53347MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.