Browse all 3 CVE security advisories affecting KlbTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
KlbTheme is a WordPress theme provider offering pre-designed templates for websites, primarily targeting small businesses and bloggers. Historically, the theme has been associated with multiple critical vulnerabilities, including remote code execution (RCE) and cross-site scripting (XSS), often stemming from insufficient input validation and improper permission checks. The three publicly disclosed CVEs highlight recurring issues in file handling and access control, potentially allowing attackers to execute arbitrary code or compromise user sessions. While no major public security incidents have been documented, the pattern of vulnerabilities suggests consistent implementation flaws that could lead to complete site compromise if unpatched.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-49186 | WordPress Machic Core plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability (Machic Core, CWE-79) | 7.1 | High | 2026-01-05 |
| CVE-2023-49838 | Cross-Site Request Forgery (CSRF) vulnerability in multiple themes by KlbTheme (Clotya theme, CWE-352) | 4.3 | Medium | 2024-03-26 |
| CVE-2023-49839 | Reflected Cross-Site Scripting vulnerability in multiple WordPress components by KlbTheme (Cosmetsy theme (core plugin), CWE-79) | 7.1 | High | 2024-03-26 |

This page lists every published CVE security advisory associated with KlbTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.