Kalium

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-49926	WordPress Kalium	Hig	0.47	7.2	Oct 22, 2025	Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25.
CVE-2025-53349	WordPress Kalium	Hig	0.46	7.1	Nov 6, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laborator Kalium kalium allows Reflected XSS.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-12895	WordPress Kalium	Med	0.34	5.3	Jan 15, 2026	The Kalium 3 \| Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.
CVE-2025-53348	WordPress Kalium	Med	0.34	5.3	Sep 9, 2025	Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-53347	WordPress Kalium	Med	0.28	4.3	Aug 14, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.

CVE-2025-49926HigOct 22, 2025
WordPress
Kalium
risk 0.47cvss 7.2epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25.
CVE-2025-53349HigNov 6, 2025
WordPress
Kalium
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laborator Kalium kalium allows Reflected XSS.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-12895MedJan 15, 2026
WordPress
Kalium
risk 0.34cvss 5.3epss 0.00
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.
CVE-2025-53348MedSep 9, 2025
WordPress
Kalium
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-53347MedAug 14, 2025
WordPress
Kalium
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.