Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HashThemes — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting HashThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hashthemes operates as a prominent developer and distributor of premium WordPress themes and plugins, catering primarily to web designers and agencies seeking pre-built, customizable website templates. Their extensive portfolio has attracted significant attention from security researchers due to the high volume of vulnerabilities discovered in their products. Historically, common flaw classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Privilege escalation vulnerabilities have also been frequently reported, allowing lower-privileged users to gain administrative access. While the company generally responds to reported issues, the sheer number of recorded CVEs highlights systemic challenges in their development lifecycle. These incidents underscore the risks associated with using third-party, commercially distributed WordPress assets that may not undergo rigorous security auditing prior to release.

Found 6 results / 26Clear Filters
Top products by HashThemes: Easy Elementor Addons Hash Elements Hash Form – Drag & Drop Form Builder Total Smart Blocks Hashthemes Demo Importer Viral News Viral Mag Square Hash Form Easy Elementor Addons – Addons Pack for Elementor Page Builder Mini Ajax Cart for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-58973 WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability — Easy Elementor AddonsCWE-98 7.5 High2025-09-22
CVE-2025-54712 WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability — Easy Elementor AddonsCWE-862 4.3 Medium2025-08-14
CVE-2025-54704 WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability — Easy Elementor AddonsCWE-79 6.5 Medium2025-08-14
CVE-2025-48295 WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability — Easy Elementor AddonsCWE-79 6.5 Medium2025-07-16
CVE-2025-26912 WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability — Easy Elementor AddonsCWE-79 6.5 Medium2025-02-25
CVE-2025-26761 WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability — Easy Elementor AddonsCWE-79 6.5 Medium2025-02-16

This page lists every published CVE security advisory associated with HashThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.