Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Dream-Theme — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Dream-Theme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dream-Theme develops WordPress themes and website templates for small businesses and personal blogs. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, remote code execution flaws, and privilege escalation issues due to insufficient input validation and improper access controls. Security researchers have identified multiple instances of hardcoded credentials and insecure direct object references in their themes. While no major public security incidents have been widely reported, the accumulation of 8 CVEs demonstrates a consistent pattern of security weaknesses that could allow attackers to compromise websites, steal data, or distribute malicious content through compromised themes.

Top products by Dream-Theme: The7 The7 — Website and eCommerce Builder for WordPress The7 Elements
CVE IDTitleCVSSSeverityPublished
CVE-2025-63076 WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability — The7 ElementsCWE-98 7.5 High2025-12-09
CVE-2025-63074 WordPress The7 theme < 12.8.1.1 - Local File Inclusion vulnerability — The7CWE-98 7.5 High2025-12-09
CVE-2025-63073 WordPress The7 theme < 12.9.0 - Cross Site Scripting (XSS) vulnerability — The7CWE-79 6.5 Medium2025-12-09
CVE-2025-11897 The7 — Ultimate WordPress & WooCommerce Theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' — The7 — Website and eCommerce Builder for WordPressCWE-79 6.4 Medium2025-10-25
CVE-2025-7726 The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes — The7 — Website and eCommerce Builder for WordPressCWE-79 6.4 Medium2025-08-09
CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute — The7 — Website and eCommerce Builder for WordPressCWE-79 6.4 Medium2024-06-25
CVE-2023-32123 WordPress The7 Theme <= 11.7.3 is vulnerable to Cross Site Request Forgery (CSRF) — The7CWE-352 6.1 Medium2023-11-13
CVE-2023-29100 WordPress The7 Theme <= 11.6.0 is vulnerable to Cross Site Scripting (XSS) — The7CWE-79 7.1 High2023-06-23

This page lists every published CVE security advisory associated with Dream-Theme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.