DeluxeThemes — Vulnerabilities & Security Advisories

Browse all 11 CVE security advisories affecting DeluxeThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DeluxeThemes develops WordPress themes and plugins for website customization. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, contributing to 11 recorded CVEs. These flaws often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across their products indicates ongoing security challenges that require remediation. Users should maintain vigilance by applying updates promptly and implementing additional security measures to mitigate potential risks associated with these themes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-53444 | WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability | Userpro | CWE-352 | 4.3 | Medium | 2026-04-15 |
| CVE-2025-68608 | WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability | Userpro | CWE-862 | 7.5 | High | 2025-12-24 |
| CVE-2024-12822 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update | Media Manager for UserPro | CWE-862 | 9.8 | Critical | 2025-01-30 |
| CVE-2024-12821 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | Media Manager for UserPro | CWE-862 | 8.8 | High | 2025-01-30 |
| CVE-2025-22322 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability | Private Messages for UserPro | CWE-79 | 7.1 | High | 2025-01-21 |
| CVE-2025-22311 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability | Private Messages for UserPro | CWE-98 | 7.5 | High | 2025-01-21 |
| CVE-2024-56210 | WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability | Userpro | CWE-79 | 7.1 | High | 2024-12-31 |
| CVE-2024-56212 | WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability | Userpro | CWE-89 | 8.5 | High | 2024-12-31 |
| CVE-2024-56211 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability | Userpro | CWE-862 | 8.8 | High | 2024-12-31 |
| CVE-2024-56214 | WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability | Userpro | CWE-35 | 8.3 | High | 2024-12-31 |
| CVE-2024-35700 | WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability | Userpro | CWE-266 | 9.8 | Critical | 2024-06-04 |
CVE-2024-35700 WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability — UserproCWE-266 9.8 Critical2024-06-04

This page lists every published CVE security advisory associated with DeluxeThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.