Browse all 11 CVE security advisories affecting DeluxeThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DeluxeThemes develops WordPress themes and plugins for website customization. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, contributing to 11 recorded CVEs. These flaws often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across their products indicates ongoing security challenges that require remediation. Users should maintain vigilance by applying updates promptly and implementing additional security measures to mitigate potential risks associated with these themes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-53444 | WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability — UserproCWE-352 | 4.3 | Medium | 2026-04-15 |
| CVE-2025-68608 | WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability — UserproCWE-862 | 7.5 | High | 2025-12-24 |
| CVE-2024-56210 | WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability — UserproCWE-79 | 7.1 | High | 2024-12-31 |
| CVE-2024-56212 | WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability — UserproCWE-89 | 8.5 | High | 2024-12-31 |
| CVE-2024-56211 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability — UserproCWE-862 | 8.8 | High | 2024-12-31 |
| CVE-2024-56214 | WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability — UserproCWE-35 | 8.3 | High | 2024-12-31 |
| CVE-2024-35700 | WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability — UserproCWE-266 | 9.8 | Critical | 2024-06-04 |
This page lists every published CVE security advisory associated with DeluxeThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.