CVE-2025-12895
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| laborator | kalium | up to 3.29 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Kalium WordPress theme to a version later than 3.29 where the security fix has been applied. The changelog indicates that security improvements and validation enhancements were made up to version 3.29 to address unauthorized code execution and related vulnerabilities. Ensuring your theme is updated to the latest version will prevent exploitation of the missing capability check in the kalium_vc_contact_form_request() function. [2]
Can you explain this vulnerability to me?
The Kalium 3 WordPress & WooCommerce theme has a vulnerability in the kalium_vc_contact_form_request() function due to a missing capability check. This allows unauthenticated attackers to exploit the theme as an open mail relay, enabling them to send emails to arbitrary addresses on the server's behalf without authorization.
How can this vulnerability impact me?
This vulnerability can be exploited by attackers to send unauthorized emails from your server, potentially leading to your server being used for spam or phishing campaigns. This can damage your server's reputation, cause blacklisting by email providers, and increase the risk of further attacks or abuse.
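The Q&A above describes the defect class (CWE-862, a WordPress AJAX handler that sends mail without any authorization or origin check) but not what a sound handler looks like. The following is an added illustration written for this page; it is not Kalium's code, and the function names, hook names and option name (kalium_demo_*) are invented for the example. It shows the weak pattern beside a hardened form for a public contact form, and a separate variant for an action that should only be available to authorized users.

```php
<?php
// Added example, not the Kalium theme's code. All kalium_demo_* names are assumed.

// WEAK PATTERN (CWE-862): the handler is reachable by anyone through admin-ajax.php,
// performs no origin or authorization check, and lets the request choose the recipient.
// The site therefore acts as an open mail relay.
add_action( 'wp_ajax_nopriv_kalium_demo_contact_weak', 'kalium_demo_contact_weak' );
function kalium_demo_contact_weak() {
    $to      = sanitize_email( wp_unslash( $_POST['to'] ?? '' ) );      // attacker-controlled recipient
    $message = sanitize_textarea_field( wp_unslash( $_POST['message'] ?? '' ) );
    wp_mail( $to, 'Contact form', $message );
    wp_send_json_success();
}

// HARDENED PATTERN for a public (unauthenticated) contact form.
// A capability check does not apply to anonymous visitors, so the equivalent controls are:
// a nonce tied to the form page, a recipient fixed on the server, and strict input validation.
add_action( 'wp_ajax_kalium_demo_contact',        'kalium_demo_contact_hardened' );
add_action( 'wp_ajax_nopriv_kalium_demo_contact', 'kalium_demo_contact_hardened' );
function kalium_demo_contact_hardened() {
    // 1. Origin check: the request must carry the nonce the form page was rendered with.
    //    (The form emits it with wp_nonce_field( 'kalium_demo_contact', 'nonce' ).)
    check_ajax_referer( 'kalium_demo_contact', 'nonce' );

    // 2. Recipient comes from site configuration, never from the request.
    //    'kalium_demo_contact_recipient' is an assumed option name; falls back to the admin e-mail.
    $to = get_option( 'kalium_demo_contact_recipient', get_option( 'admin_email' ) );

    // 3. Validate and bound everything the visitor supplies.
    $reply_to = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $message  = sanitize_textarea_field( wp_unslash( $_POST['message'] ?? '' ) );
    if ( ! is_email( $reply_to ) || '' === $message || strlen( $message ) > 5000 ) {
        wp_send_json_error( 'Invalid input', 400 );
    }

    // 4. Only a validated address reaches the headers, which also blocks header injection.
    $headers = array( 'Reply-To: ' . $reply_to );
    if ( ! wp_mail( $to, 'Contact form submission', $message, $headers ) ) {
        wp_send_json_error( 'Mail could not be sent', 500 );
    }
    wp_send_json_success();
}

// HARDENED PATTERN for an action that only privileged users should trigger
// (e.g. sending a test message from the theme settings page). Register the
// logged-in hook only (no wp_ajax_nopriv_), verify the nonce, then check the capability.
add_action( 'wp_ajax_kalium_demo_send_test', 'kalium_demo_send_test' );
function kalium_demo_send_test() {
    check_ajax_referer( 'kalium_demo_send_test', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {          // the missing check in CWE-862 cases
        wp_send_json_error( 'Forbidden', 403 );
    }
    $to = get_option( 'admin_email' );
    wp_mail( $to, 'Test message', 'Contact form delivery test.' );
    wp_send_json_success();
}
```

When reviewing a theme or plugin for this class of bug, list every add_action( 'wp_ajax_nopriv_...' ) registration and confirm that each handler both verifies a nonce and derives any sensitive parameter (recipient, target post, file path) from server-side state rather than the request; an anonymous handler that forwards a request-supplied address to wp_mail() is the pattern described on this page.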