Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MVPThemes — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting MVPThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MVPThemes develops WordPress themes and plugins for website building, with a history of security vulnerabilities including multiple remote code execution (RCE) and cross-site scripting (XSS) flaws. Their products have been associated with privilege escalation issues due to insufficient access controls. The company has accumulated 7 CVEs, primarily stemming from input validation failures and insecure direct object references. While no major public security incidents have been documented, their vulnerability pattern suggests consistent issues with sanitizing user inputs and implementing proper authentication mechanisms. Security researchers have noted that MVPThemes' codebase often lacks robust protection against common web attack vectors, making their products potential targets for exploitation.

Top products by MVPThemes: ZoxPress - The All-In-One WordPress News Theme Zox News Zox News - Professional WordPress News & Magazine Theme Click Mag - Viral WordPress News Magazine/Blog Theme Flex Mag - Responsive WordPress News Theme The League
CVE IDTitleCVSSSeverityPublished
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability — The LeagueCWE-862 6.5 Medium2026-03-25
CVE-2024-13655 Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion — Flex Mag - Responsive WordPress News ThemeCWE-862 8.1 High2025-03-07
CVE-2024-13656 Click Mag - Viral WordPress News Magazine/Blog Theme <= 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion — Click Mag - Viral WordPress News Magazine/Blog ThemeCWE-862 8.1 High2025-02-12
CVE-2024-13654 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion — ZoxPress - The All-In-One WordPress News ThemeCWE-862 8.1 High2025-02-12
CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — ZoxPress - The All-In-One WordPress News ThemeCWE-862 8.8 High2025-02-12
CVE-2024-13643 Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification — Zox News - Professional WordPress News & Magazine ThemeCWE-862 8.8 High2025-02-11
CVE-2024-11936 Zox News <= 3.16.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — Zox NewsCWE-862 8.8 High2025-01-26

This page lists every published CVE security advisory associated with MVPThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.