Browse all 3 CVE security advisories affecting Blossom Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Blossom Themes develops WordPress themes focused on creating visually appealing websites for small businesses and bloggers. Historically, their products have been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often stemming from insufficient input sanitization and improper file handling. The themes have accumulated three CVEs, with one notable incident involving an RCE flaw in a popular theme that allowed attackers to execute arbitrary code through manipulated theme parameters. Security assessments indicate consistent weaknesses in access controls and file permissions, potentially enabling privilege escalation. Despite these issues, Blossom Themes remains widely used due to its user-friendly design options and affordability.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-47849 | WordPress BlossomThemes Email Newsletter plugin <= 2.2.4 - Broken Access Control vulnerability | BlossomThemes Email Newsletter | CWE-862 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-37098 | WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability | BlossomThemes Email Newsletter | CWE-918 | 4.4 | Medium | 2024-06-26 |
| CVE-2024-31429 | WordPress Sarada Lite theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability | Sarada Lite | CWE-352 | 4.3 | Medium | 2024-04-15 |
This page lists every published CVE security advisory associated with Blossom Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.