Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Fuelthemes — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting Fuelthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fuelthemes develops WordPress themes and plugins for website building, with 9 CVEs recorded historically. Common vulnerabilities include stored cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper access controls. Privilege escalation issues have also been documented in several products. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. The company's products remain popular despite these security concerns, indicating that users should prioritize timely updates and implement additional security layers when using their themes and plugins.

CVE IDTitleCVSSSeverityPublished
CVE-2026-57690 WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability — WerkstattCWE-352 4.3 Medium2026-07-02
CVE-2026-57689 WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability — WerkstattCWE-862 4.3 Medium2026-07-02
CVE-2026-27414 WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability — WerkstattCWE-502 8.8 High2026-07-02
CVE-2026-23801 WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability — The IssueCWE-98 8.1 High2026-03-05
CVE-2025-69322 WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability — PeakShopsCWE-98 8.1 High2026-02-20
CVE-2025-69294 WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability — PeakShopsCWE-502 8.8 High2026-02-20
CVE-2025-69314 WordPress Werkstatt theme < 4.8.3 - Local File Inclusion vulnerability — WerkstattCWE-98 8.1 High2026-01-22
CVE-2025-69099 WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability — NorthCWE-502 8.8 High2026-01-22
CVE-2025-69100 WordPress North theme <= 5.7.5 - Local File Inclusion vulnerability — NorthCWE-98 8.1 High2026-01-22
CVE-2025-63017 WordPress WerkStatt plugin plugin <= 1.6.6 - Local File Inclusion vulnerability — WerkStatt PluginCWE-98 7.5 High2026-01-22
CVE-2025-63003 WordPress North - Required Plugin plugin <= 1.4.2 - Local File Inclusion vulnerability — North - Required PluginCWE-98 7.5 High2025-12-09
CVE-2025-62066 WordPress Revolution theme < 2.5.8 - Local File Inclusion vulnerability — RevolutionCWE-98 7.5 High2025-11-06

This page lists every published CVE security advisory associated with Fuelthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.