GCVE - cpe:2.3:a:uxper:sala:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:uxper:sala:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Uxper (`6c56a358-8d6f-5c7d-9d6e-386b1220c2cf`)
Product	Sala (`73c78b14-4669-5bfc-9c1d-739eadc21dc7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-54709`	vulnerable	2026-06-08 07:33:13.103143	WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability HIGH (8.1) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. Published: 2025-09-09T16:25:32.947Z Updated: 2026-04-28T16:13:35.835Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/theme/sala/vulnerability/wordpress-sala-theme-1-1-6-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52826`	vulnerable	2026-06-08 07:31:13.013993	WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability HIGH (8.8) Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. Published: 2025-06-27T11:52:15.291Z Updated: 2026-04-28T16:13:19.848Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/theme/sala/vulnerability/wordpress-sala-1-1-3-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52803`	vulnerable	2026-06-08 07:31:12.990256	WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability HIGH (7.5) Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. Published: 2025-07-16T11:27:54.296Z Updated: 2026-04-28T16:13:19.397Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/theme/sala/vulnerability/wordpress-sala-1-1-3-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52739`	vulnerable	2026-06-08 07:31:12.904753	WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. Published: 2025-12-31T20:10:29.616Z Updated: 2026-04-28T16:13:17.982Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/theme/sala/vulnerability/wordpress-sala-theme-1-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.