Bearsthemes Goza Nonprofit Charity Wordpress Theme vulnerabilities
2 known vulnerabilities affecting bearsthemes/goza_nonprofit_charity_wordpress_theme.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-10690P2CRITICALCVSS 9.8≤ 3.2.22025-09-19
CVE-2025-10690 [CRITICAL] CWE-862 CVE-2025-10690: The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbit
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplus_import_pack_install_plugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to upload zip files containing webshells disgui
nvd
CVE-2025-10134P2CRITICALCVSS 9.1v3.2.22025-09-09
CVE-2025-10134 [CRITICAL] CWE-73 CVE-2025-10134: The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file del
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easil
nvd