Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Extend Themes — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting Extend Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Extend Themes develops WordPress themes and website templates for businesses and content creators. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. With seven CVEs documented, these security gaps have allowed attackers to execute arbitrary code, steal session cookies, and gain unauthorized administrative access. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in their extensions suggests a need for more rigorous security testing and input sanitization practices to protect end users.

Top products by Extend Themes: Colibri Page Builder Calliope Teluro Pathway EmpowerWP Kubio AI Page Builder
CVE IDTitleCVSSSeverityPublished
CVE-2026-34887 WordPress Kubio AI Page Builder plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability — Kubio AI Page BuilderCWE-79 6.5 Medium2026-03-31
CVE-2025-59593 WordPress Colibri Page Builder Plugin < 1.0.334 - Cross Site Scripting (XSS) Vulnerability — Colibri Page BuilderCWE-79 5.9 Medium2025-10-22
CVE-2025-32185 WordPress Colibri Page Builder plugin <= 1.0.329 - Cross Site Scripting (XSS) vulnerability — Colibri Page BuilderCWE-79 6.5 Medium2025-04-04
CVE-2024-34809 WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability — EmpowerWPCWE-352 4.3 Medium2024-05-17
CVE-2024-33686 Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes — PathwayCWE-862 4.3 Medium2024-04-29
CVE-2024-33688 WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability — TeluroCWE-352 4.3 Medium2024-04-26
CVE-2024-2904 WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability — CalliopeCWE-352 4.3 Medium2024-03-26

This page lists every published CVE security advisory associated with Extend Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.