Browse all 10 CVE security advisories affecting Jthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Jthemes develops WordPress themes and website templates, primarily serving small businesses and personal websites. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been documented, the 10 CVEs attributed to their products highlight consistent security shortcomings. These vulnerabilities typically allow attackers to execute arbitrary code, steal session cookies, or gain elevated access, posing significant risks to unpatched installations. Security researchers have noted that many issues remain present across multiple theme versions, indicating systemic weaknesses in their development and testing processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59138 | WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability — GenemyCWE-918 | 4.9 | Medium | 2025-12-31 |
This page lists every published CVE security advisory associated with Jthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.