CVE-2025-26970 – WordPress Ark Theme Core plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability

https://notcve.org/view.php?id=CVE-2025-26970

24 Feb 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0. The ark-core plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.70.0. This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/wordpress/plugin/ark-core/vulnerability/wordpress-ark-theme-core-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •