Browse all 4 CVE security advisories affecting Catch Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Catch Themes develops WordPress themes and website builders, primarily serving small businesses and bloggers. Historically, their products have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The company has accumulated four CVEs to date, with several instances allowing unauthorized access or code execution due to insufficient input validation and improper access controls. While no major public security incidents have been documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Users should implement regular updates and security hardening measures when using these themes to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67543 | WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability — Essential WidgetsCWE-79 | 6.5 | Medium | 2025-12-09 |
This page lists every published CVE security advisory associated with Catch Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.