Browse all 5 CVE security advisories affecting AivahThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AivahThemes develops WordPress themes and website templates for businesses and individuals. Historically, their products have been vulnerable to multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. The company currently has five CVEs on record, with several flaws allowing unauthorized access or malicious code execution. While no major public security incidents have been documented, their consistent vulnerability history suggests a need for improved security practices in theme development and regular updates. Users should implement proper input validation and access controls when deploying these themes to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27338 | WordPress Car Zone theme <= 3.7 - Deserialization of untrusted data vulnerability — Car ZoneCWE-502 | 8.8 | High | 2026-03-05 |
| CVE-2025-68907 | WordPress Hostme v2 theme <= 7.0 - Arbitrary File Deletion vulnerability — Hostme v2CWE-22 | 7.5 | High | 2026-01-22 |
| CVE-2025-68901 | WordPress Anona theme <= 8.0 - Arbitrary File Deletion vulnerability — AnonaCWE-22 | 8.6 | High | 2026-01-22 |
| CVE-2025-68902 | WordPress Anona theme <= 8.0 - Arbitrary File Download vulnerability — AnonaCWE-22 | 7.5 | High | 2026-01-22 |
| CVE-2025-68903 | WordPress Anona theme <= 8.0 - PHP Object Injection vulnerability — AnonaCWE-502 | 8.8 | High | 2026-01-22 |
This page lists every published CVE security advisory associated with AivahThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.