Browse all 28 CVE security advisories affecting ExtendThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ExtendThemes operates as a developer of WordPress themes and plugins, primarily targeting e-commerce and business websites. Security audits reveal a concerning pattern of vulnerabilities, with 28 Common Vulnerabilities and Exposures (CVEs) currently on record. These flaws predominantly involve cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Several incidents highlight critical privilege escalation risks, allowing unauthorized users to gain administrative access or execute arbitrary commands on affected servers. The high volume of disclosed CVEs suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and rigorous testing protocols. While specific major data breaches directly attributed to ExtendThemes are not widely publicized, the frequency of these technical vulnerabilities poses significant operational risks for site administrators relying on their software.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-3204 | Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update | Materialis | CWE-862 | 6.5 | Medium | 2024-06-20 |
| CVE-2019-25142 | Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update | Materialis | CWE-862 | 8.8 | High | 2023-06-07 |

This page lists every published CVE security advisory associated with ExtendThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.