Chimpstudio — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting Chimpstudio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Chimpstudio develops WordPress themes and plugins for website building, with 15 CVEs recorded primarily involving remote code execution, cross-site scripting, and privilege escalation vulnerabilities. Historically, their products have shown weaknesses in input validation, insufficient access controls, and insecure deserialization, often leading to complete system compromise. While no major public security incidents have been documented, the consistent pattern of vulnerabilities across their portfolio suggests systemic security gaps in their development lifecycle. Their codebase frequently fails to implement proper sanitization and authentication mechanisms, making installations attractive targets for attackers seeking unauthorized administrative access or website takeover capabilities.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-39536 | WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability | JobHunt Job Alerts | CWE-862 | 8.2 | High | 2025-05-23 |
| CVE-2025-32927 | WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability | FoodBakery | CWE-502 | 9.8 | Critical | 2025-05-19 |
| CVE-2025-39356 | WordPress Foodbakery Sticky Cart plugin <= 3.2 - PHP Object Injection vulnerability | Foodbakery Sticky Cart | CWE-502 | 9.8 | Critical | 2025-05-19 |
| CVE-2024-12920 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions | FoodBakery \| Delivery Restaurant Directory WordPress Theme | CWE-862 | 8.8 | High | 2025-03-19 |
| CVE-2024-13933 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions | FoodBakery \| Delivery Restaurant Directory WordPress Theme | CWE-352 | 8.8 | High | 2025-03-19 |
| CVE-2024-12036 | CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read | CS Framework | CWE-73 | 7.5 | High | 2025-03-07 |
| CVE-2024-12035 | CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion | CS Framework | CWE-22 | 8.8 | High | 2025-03-07 |
| CVE-2025-1515 | WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover | WP Real Estate Manager | CWE-288 | 9.8 | Critical | 2025-03-05 |
| CVE-2024-13182 | WP Directorybox Manager <= 2.5 - Authentication Bypass | WP Directorybox Manager | CWE-288 | 9.8 | Critical | 2025-02-13 |
| CVE-2025-0181 | WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request | WP Foodbakery | CWE-288 | 9.8 | Critical | 2025-02-11 |
| CVE-2025-0180 | WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation | WP Foodbakery | CWE-269 | 9.8 | Critical | 2025-02-11 |
| CVE-2024-13010 | WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting | WP Foodbakery | CWE-79 | 6.1 | Medium | 2025-02-10 |
| CVE-2024-13011 | WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload | WP Foodbakery | CWE-434 | 9.8 | Critical | 2025-02-10 |
| CVE-2025-0316 | WP Directorybox Manager <= 2.5 - Authentication Bypass | WP Directorybox Manager | CWE-288 | 9.8 | Critical | 2025-02-08 |
| CVE-2021-24389 | FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS) | WP Foodbakery | CWE-79 | 6.1 | - | 2021-07-06 |

This page lists every published CVE security advisory associated with Chimpstudio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.