HashThemes — Vulnerabilities & Security Advisories (26)

Browse all 26 CVE security advisories affecting HashThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HashThemes operates as a prominent developer and distributor of premium WordPress themes and plugins, catering primarily to web designers and agencies seeking pre-built, customizable website templates. Their extensive portfolio has attracted significant attention from security researchers due to the high volume of vulnerabilities discovered in their products. Historically, common flaw classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Privilege escalation vulnerabilities have also been frequently reported, allowing lower-privileged users to gain administrative access. While the company generally responds to reported issues, the sheer number of recorded CVEs highlights systemic challenges in their development lifecycle. These incidents underscore the risks associated with using third-party, commercially distributed WordPress assets that may not undergo rigorous security auditing prior to release.

Found 1 result / 26

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-30486 | WordPress Square theme <= 2.0.0 - Broken Access Control — Square, CWE-862 | 4.3 | Medium | 2024-12-09 |

This page lists every published CVE security advisory associated with HashThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.