Browse all 3 CVE security advisories affecting Deothemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Deothemes develops WordPress themes and templates for building customizable websites. Historically, their products have been affected by multiple vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation. The three CVEs recorded for their themes indicate consistent security flaws, primarily stemming from insufficient input validation and improper access controls. No major public security incidents have been documented, but the recurring nature of the vulnerabilities suggests a pattern of inadequate security testing in their development lifecycle. Their themes require careful configuration and regular updates to mitigate potential exploitation risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6812 | Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter | Ona | CWE-918 | 4.4 | Medium | 2026-05-02 |
| CVE-2026-32482 | WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability | Ona | CWE-434 | 9.9 | Critical | 2026-03-25 |
| CVE-2023-3708 | Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting | Amela | CWE-79 | 6.1 | Medium | 2023-07-18 |
This page lists every published CVE security advisory associated with Deothemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.