CVE-2025-10134
📋 TL;DR
This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the Goza theme. Attackers can achieve remote code execution by deleting critical files like wp-config.php. All WordPress sites using Goza theme versions up to 3.2.2 are affected.
💻 Affected Systems
- Goza - Nonprofit Charity WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise via remote code execution leading to data theft, defacement, or ransomware deployment.
Likely Case
Site disruption or takedown through deletion of critical WordPress files, potentially requiring full restoration from backups.
If Mitigated
Limited impact if file deletion is detected and blocked by security controls before critical files are removed.
🎯 Exploit Status
Exploitation requires knowledge of file paths but is straightforward once identified. No authentication bypass needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.2.2
Vendor Advisory: https://themeforest.net/item/goza-nonprofit-charity-wordpress-theme/23781575
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Update the Goza theme to the latest version.
4. Clear any caching plugins.
5. Verify the theme functions properly after the update.
🔧 Temporary Workarounds
Disable vulnerable function via plugin
Add code to functions.php or a custom plugin to unhook the alone_import_pack_restore_data() function so the REST route is never registered:
// Unhook the theme's route registration before rest_api_init fires; assumes the theme registered it at the default priority.
add_action('init', function() { remove_action('rest_api_init', 'alone_import_pack_restore_data'); });
Web Application Firewall rule
Block requests to the vulnerable REST API endpoint
Block POST requests to /wp-json/alone/v1/import-pack-restore-data
🧯 If You Can't Patch
- Switch to a different WordPress theme immediately
- Implement strict file permission controls (disable write/delete for web user on critical files)
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Goza theme version 3.2.2 or earlier
Check Version:
wp theme list --fields=name,version --format=csv | grep goza
Verify Fix Applied:
Confirm Goza theme version is higher than 3.2.2 in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-json/alone/v1/import-pack-restore-data with file deletion parameters
- Unexpected file deletion events in system logs
Network Indicators:
- HTTP 200 responses from the vulnerable endpoint with file operation parameters
SIEM Query:
source="web_access" AND uri_path="/wp-json/alone/v1/import-pack-restore-data" AND http_method="POST"