Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

AncoraThemes — Vulnerabilities & Security Advisories 128

Browse all 128 CVE security advisories affecting AncoraThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AncoraThemes operates as a digital marketplace specializing in WordPress themes and plugins, catering primarily to web developers and small business owners seeking pre-built website solutions. The company’s extensive portfolio has historically been associated with a significant volume of security flaws, currently totaling 128 recorded Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly stem from insufficient input validation and sanitization, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Additionally, privilege escalation bugs have allowed unauthorized users to gain administrative access, compromising site integrity. While AncoraThemes has implemented security patches for many identified issues, the sheer number of disclosed CVEs highlights systemic challenges in code review processes. Users are advised to exercise caution, ensuring all installed components are updated to the latest secure versions to mitigate potential exploitation risks associated with these legacy and ongoing vulnerabilities.

Top products by AncoraThemes: Impacto Patronus CloudMe Jardi FixTeam Great Lotus Felizia Shaha Honor Woopy SevenHills KindlyCare Coworking Ironfit Parkivia Gustavo UnlimHost Prider Tornados Hobo Pearson Specter Snow Mountain Weedles DiveIt MoveMe Isida Zio Alberto Fooddy Blabber Netmix Yolox
CVE IDTitleCVSSSeverityPublished
CVE-2025-58896 WordPress Otaku theme <= 1.8.0 - Local File Inclusion vulnerability — OtakuCWE-98 8.1 High2025-12-18
CVE-2025-58890 WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability — PlayfulCWE-98 8.1 High2025-12-18
CVE-2025-58892 WordPress Tourimo theme <= 1.2.3 - Local File Inclusion vulnerability — TourimoCWE-98 8.1 High2025-12-18
CVE-2025-58891 WordPress Sanger theme <= 1.24.0 - Local File Inclusion vulnerability — SangerCWE-98 8.1 High2025-12-18
CVE-2025-58888 WordPress The Flash theme <= 1.15 - Local File Inclusion vulnerability — The FlashCWE-98 8.1 High2025-12-18
CVE-2025-58885 WordPress Pathfinder theme <= 1.16 - Local File Inclusion vulnerability — PathfinderCWE-98 8.1 High2025-12-18
CVE-2025-58879 WordPress Festy theme <= 1.13.0 - Local File Inclusion vulnerability — FestyCWE-98 8.1 High2025-12-18
CVE-2025-53431 WordPress Emberlyn theme <= 1.3.1 - Local File Inclusion vulnerability — EmberlynCWE-98 8.1 High2025-12-18
CVE-2025-53433 WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability — EasyEatCWE-98 9.8 Critical2025-12-18
CVE-2025-53430 WordPress Etta theme <= 1.14.0 - Local File Inclusion vulnerability — EttaCWE-98 8.1 High2025-12-18
CVE-2025-53434 WordPress ChildHope theme <= 1.1.8 - Local File Inclusion vulnerability — ChildHopeCWE-98 8.1 High2025-12-18
CVE-2025-53432 WordPress Echo theme <= 1.15.0 - Local File Inclusion vulnerability — EchoCWE-98 8.1 High2025-12-18
CVE-2025-53429 WordPress Exit Game theme <= 1.4.3 - Local File Inclusion vulnerability — Exit GameCWE-98 8.1 High2025-12-18
CVE-2025-52745 WordPress Farm Agrico theme <= 1.3.11 - Local File Inclusion vulnerability — Farm AgricoCWE-98 8.1 High2025-12-18
CVE-2025-52768 WordPress Faith & Hope theme <= 2.13.0 - Local File Inclusion vulnerability — Faith & HopeCWE-98 8.1 High2025-12-18
CVE-2025-49942 WordPress Gardis theme <= 1.2.13 - Local File Inclusion vulnerability — GardisCWE-98 8.1 High2025-12-18
CVE-2025-49943 WordPress Femme theme <= 1.3.11 - Local File Inclusion vulnerability — FemmeCWE-98 8.1 High2025-12-18
CVE-2025-49941 WordPress GlamChic theme <= 1.0.11 - Local File Inclusion vulnerability — GlamChicCWE-98 8.1 High2025-12-18
CVE-2025-49371 WordPress Strux theme <= 1.9 - Local File Inclusion vulnerability — StruxCWE-98 8.1 High2025-12-18
CVE-2025-49369 WordPress Lettuce theme <= 1.1.7 - Local File Inclusion vulnerability — LettuceCWE-98 8.1 High2025-12-18
CVE-2025-49370 WordPress Lymcoin theme <= 1.3.12 - Local File Inclusion vulnerability — LymcoinCWE-98 8.1 High2025-12-18
CVE-2025-49368 WordPress Palladio theme <= 1.1.10 - Local File Inclusion vulnerability — PalladioCWE-98 8.1 High2025-12-18
CVE-2025-49367 WordPress Monyxi theme <= 1.1.8 - Local File Inclusion vulnerability — MonyxiCWE-98 8.1 High2025-12-18
CVE-2025-49364 WordPress Ludos Paradise theme <= 2.1.3 - Local File Inclusion vulnerability — Ludos ParadiseCWE-98 8.1 High2025-12-18
CVE-2025-49363 WordPress Kings & Queens theme <= 1.1.16 - Local File Inclusion vulnerability — Kings & QueensCWE-98 8.1 High2025-12-18
CVE-2025-49366 WordPress Hanani theme <= 1.2.11 - Local File Inclusion vulnerability — HananiCWE-98 8.1 High2025-12-18
CVE-2025-49362 WordPress Gracioza theme <= 1.0.15 - Local File Inclusion vulnerability — GraciozaCWE-98 8.1 High2025-12-18
CVE-2025-49365 WordPress Jack Well theme <= 1.0.14 - Local File Inclusion vulnerability — Jack WellCWE-98 8.1 High2025-12-18
CVE-2025-49359 WordPress ShieldGroup theme <= 2.13 - Local File Inclusion vulnerability — ShieldGroupCWE-98 8.1 High2025-12-18
CVE-2025-49360 WordPress Militarology theme <= 1.0.15 - Local File Inclusion vulnerability — MilitarologyCWE-98 8.1 High2025-12-18

This page lists every published CVE security advisory associated with AncoraThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.