Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

GoodLayers — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting GoodLayers. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GoodLayers develops WordPress themes and page builders for website creation. Historically, the company's products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the 14 CVEs on record indicate a pattern of security weaknesses that could allow attackers to compromise websites. Organizations using GoodLayers themes should maintain regular updates and implement additional security controls to mitigate potential risks associated with these recurring vulnerability types.

Top products by GoodLayers: Goodlayers Hotel Goodlayers Hostel Goodlayers Core Tourmaster Modernize Tour Master - Tour Booking, Travel, Hotel Goodlayers Blocks
CVE IDTitleCVSSSeverityPublished
CVE-2025-59580 WordPress Goodlayers Core plugin < 2.1.7 - Privilege Escalation vulnerability — Goodlayers CoreCWE-266 8.8 High2025-10-22
CVE-2025-53342 WordPress Modernize Theme <= 3.4.0 - Cross Site Scripting (XSS) Vulnerability — ModernizeCWE-79 6.5 Medium2025-08-14
CVE-2025-53343 WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability — ModernizeCWE-862 4.3 Medium2025-08-14
CVE-2025-39500 WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability — Goodlayers HostelCWE-502 9.8 Critical2025-05-23
CVE-2025-39502 WordPress Goodlayers Hostel Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Goodlayers HostelCWE-79 7.1 High2025-05-23
CVE-2025-39501 WordPress Goodlayers Hostel plugin <= 3.1.4 - SQL Injection vulnerability — Goodlayers HostelCWE-89 9.3 Critical2025-05-23
CVE-2025-39504 WordPress Goodlayers Hotel plugin <= 3.1.4 - SQL Injection vulnerability — Goodlayers HotelCWE-89 9.3 Critical2025-05-23
CVE-2025-39503 WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability — Goodlayers HotelCWE-502 9.8 Critical2025-05-23
CVE-2025-39505 WordPress Goodlayers Hotel plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Goodlayers HotelCWE-79 7.1 High2025-05-23
CVE-2025-48292 WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability — TourmasterCWE-98 8.1 High2025-05-23
CVE-2025-32923 WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability — TourmasterCWE-79 7.1 High2025-04-15
CVE-2025-23521 WordPress Goodlayers Blocks plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Goodlayers BlocksCWE-79 7.1 High2025-03-03
CVE-2024-13369 Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter — Tour Master - Tour Booking, Travel, HotelCWE-89 6.5 Medium2025-02-18
CVE-2024-11200 Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family' — Goodlayers CoreCWE-79 6.1 Medium2024-12-03

This page lists every published CVE security advisory associated with GoodLayers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.