Browse all 81 CVE security advisories affecting BdThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bdthemes operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors. Security audits have identified eighty-one Common Vulnerabilities and Exposures (CVEs) associated with its portfolio, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive files. These flaws frequently arise from outdated libraries and a lack of rigorous security testing during the development lifecycle. While some issues have been patched in subsequent updates, the high volume of recorded CVEs suggests that security remains a secondary priority compared to feature deployment, posing significant risks to sites relying on these components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-52377 | WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability — Instant Image GeneratorCWE-434 | 10.0 | Critical | 2024-11-14 |
This page lists every published CVE security advisory associated with BdThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.