Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

AncoraThemes — Vulnerabilities & Security Advisories 128

Browse all 128 CVE security advisories affecting AncoraThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AncoraThemes operates as a digital marketplace specializing in WordPress themes and plugins, catering primarily to web developers and small business owners seeking pre-built website solutions. The company’s extensive portfolio has historically been associated with a significant volume of security flaws, currently totaling 128 recorded Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly stem from insufficient input validation and sanitization, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Additionally, privilege escalation bugs have allowed unauthorized users to gain administrative access, compromising site integrity. While AncoraThemes has implemented security patches for many identified issues, the sheer number of disclosed CVEs highlights systemic challenges in code review processes. Users are advised to exercise caution, ensuring all installed components are updated to the latest secure versions to mitigate potential exploitation risks associated with these legacy and ongoing vulnerabilities.

Top products by AncoraThemes: Impacto Patronus CloudMe Jardi FixTeam Great Lotus Felizia Shaha Honor Woopy SevenHills KindlyCare Coworking Ironfit Parkivia Gustavo UnlimHost Prider Tornados Hobo Pearson Specter Snow Mountain Weedles DiveIt MoveMe Isida Zio Alberto Fooddy Blabber Netmix Yolox
CVE IDTitleCVSSSeverityPublished
CVE-2026-22515 WordPress VegaDays theme <= 1.2.0 - Local File Inclusion vulnerability — VegaDaysCWE-98 8.1 High2026-03-25
CVE-2026-22514 WordPress Unica theme <= 1.4.1 - Local File Inclusion vulnerability — UnicaCWE-98 8.1 High2026-03-25
CVE-2026-22516 WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability — Wizor'sCWE-98 8.1 High2026-03-25
CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability — MelodyCWE-502 8.1 High2026-03-25
CVE-2026-22513 WordPress Triompher theme <= 1.1.0 - Local File Inclusion vulnerability — TriompherCWE-98 8.1 High2026-03-25
CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability — BeeloveCWE-502 9.8 Critical2026-03-25
CVE-2026-22508 WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability — DentaluxCWE-98 8.1 High2026-03-25
CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability — Morning RecordsCWE-502 8.1 High2026-03-25
CVE-2026-22502 WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability — Mr. CobblerCWE-98 8.1 High2026-03-25
CVE-2026-22496 WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability — HypnotherapyCWE-98 8.1 High2026-03-25
CVE-2026-22495 WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability — GreenvilleCWE-98 8.1 High2026-03-25
CVE-2026-28123 WordPress Veil theme <= 1.9 - Local File Inclusion vulnerability — VeilCWE-98 8.1 High2026-03-05
CVE-2026-28124 WordPress Notarius theme <= 1.9 - Local File Inclusion vulnerability — NotariusCWE-98 8.1 High2026-03-05
CVE-2026-28125 WordPress Midi theme <= 1.14 - Local File Inclusion vulnerability — MidiCWE-98 8.1 High2026-03-05
CVE-2026-28121 WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability — AndersonCWE-98 8.1 High2026-03-05
CVE-2026-28041 WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability — GritCWE-98 8.1 High2026-03-05
CVE-2026-27337 WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability — Chronicle - Lifestyle Magazine & Blog WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-27339 WordPress Buzz Stone | Magazine & Viral Blog WordPress Theme theme <= 1.0.2 - Local File Inclusion vulnerability — Buzz Stone | Magazine & Viral Blog WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability — Apollo | Night Club, DJ Event WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-27336 WordPress Consultor | Consulting, Accounting & Legal Counsel WordPress Theme theme <= 1.2.4 - Local File Inclusion vulnerability — Consultor | Consulting, Accounting & Legal Counsel WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-27335 WordPress Ekoterra - NonProfit, Green Energy & Ecology Theme theme <= 1.0.0 - Local File Inclusion vulnerability — Ekoterra - NonProfit, Green Energy & Ecology ThemeCWE-98 8.1 High2026-03-05
CVE-2026-27097 WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability — CasaMia | Property Rental Real Estate WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-22497 WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability — JardiCWE-502 9.8 Critical2026-03-05
CVE-2026-22477 WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability — FeliziaCWE-98 8.1 High2026-03-05
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability — HandymanCWE-502 9.8 Critical2026-03-05
CVE-2026-22439 WordPress Green Planet theme <= 1.1.14 - Local File Inclusion vulnerability — Green PlanetCWE-98 8.1 High2026-03-05
CVE-2026-22437 WordPress Playa theme <= 1.3.9 - Local File Inclusion vulnerability — PlayaCWE-98 8.1 High2026-03-05
CVE-2026-22433 WordPress CloudMe theme <= 1.2.2 - Local File Inclusion vulnerability — CloudMeCWE-98 8.1 High2026-03-05
CVE-2026-22434 WordPress Crown Art theme <= 1.2.11 - Local File Inclusion vulnerability — Crown ArtCWE-98 8.1 High2026-03-05
CVE-2026-22435 WordPress ElectroServ theme <= 1.3.2 - Local File Inclusion vulnerability — ElectroServCWE-98 8.1 High2026-03-05

This page lists every published CVE security advisory associated with AncoraThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.