CVE-2025-10690 – Goza – Nonprofit Charity WordPress Theme

CVE ID : CVE-2025-10690

Published : Sept. 19, 2025, 2:27 a.m. | 35 minutes ago

Description : The Goza – Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the ‘beplus_import_pack_install_plugin’ function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…