CVE-2025-12895
Last modified
CVE-2025-12895 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-12895?
How severe is CVE-2025-12895?
How do I fix CVE-2025-12895?
Are you affected by CVE-2025-12895?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST