Cyber Resilience

CVE-2025-4606

Critical

Published: 09 July 2025

Published
09 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0026 49.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-4606 is a critical-severity Unverified Password Change (CWE-620) vulnerability in Themeforest (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 49.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-4606 is a privilege escalation vulnerability affecting the Sala - Startup & SaaS WordPress Theme for WordPress in all versions up to and including 1.1.4. The issue stems from the theme failing to properly validate a user's identity before allowing updates to account details, such as passwords. This flaw, classified under CWE-620 (Unverified Privilege Delegation), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By leveraging the inadequate validation, attackers can arbitrarily change passwords for any user account, including administrators, enabling full account takeover and subsequent control over the WordPress site.

Advisories detailing the vulnerability, including potential mitigation steps, are available from sources such as the Wordfence threat intelligence page (https://www.wordfence.com/threat-intel/vulnerabilities/id/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve) and the theme's ThemeForest listing (https://themeforest.net/item/sala-startup-saas-wordpress-theme/33843955?s_rank=4), published on 2025-07-09. Security practitioners should consult these for guidance on updates or workarounds.

EU & UK References

Vulnerability details

The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior…

more

to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated remote password modification flaw in public-facing WordPress app enables exploitation for privilege escalation (T1068) and exploitation of public-facing application (T1190) leading to admin account takeover.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-9286Shared CWE-620
CVE-2025-63362Shared CWE-620
CVE-2024-12824Shared CWE-620
CVE-2025-1107Shared CWE-620
CVE-2026-30458Shared CWE-620
CVE-2024-13373Shared CWE-620
CVE-2024-45647Shared CWE-620
CVE-2025-11235Shared CWE-620
CVE-2024-12860Shared CWE-620
CVE-2024-13375Shared CWE-620

Affected Assets

Themeforest
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 requires verification of user identity and secure management of authenticators like passwords prior to changes, directly addressing the theme's failure to validate identity before password updates.

prevent

AC-3 enforces approved authorizations for access to system resources, preventing unauthenticated attackers from updating arbitrary user account details including passwords.

prevent

AC-2 mandates secure account management processes, including authorization and review of account changes, mitigating unauthorized privilege escalation via account takeover.

References