Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mikado-Themes — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting Mikado-Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mikado-Themes operates as a provider of WordPress themes and plugins, primarily targeting e-commerce and general website design. Security audits have identified seventy confirmed Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these vulnerabilities predominantly stem from insufficient input validation and improper access controls, resulting in critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative access. While specific high-profile incidents involving widespread data breaches are not widely publicized, the sheer volume of CVEs indicates systemic issues in the development lifecycle. The lack of robust sanitization in theme functions has consistently exposed user data and server integrity to exploitation. This pattern suggests that security testing was not a primary focus during the software’s creation, leaving numerous installations vulnerable to automated attacks and manual exploitation by threat actors seeking to compromise WordPress-based infrastructure.

Top products by Mikado-Themes: PawFriends - Pet Shop and Veterinary WordPress Theme Wanderland Dolcino Justicia Innovio Holmes Overton Verdure Cocco Fiorello Curly Fleur FiveStar Powerlift Rosebud Backpack Traveler Wilmër GoTravel TopScorer - Sports WordPress Theme TopFit - Fitness and Gym WordPress Theme Evently Cortex Marra Roam Curly Core Deston Amfissa Belfort LuxeDrive Emaurri
CVE IDTitleCVSSSeverityPublished
CVE-2026-39538 WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability — Mikado CoreCWE-98 7.5 High2026-04-08
CVE-2026-32511 WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability — StålCWE-502 5.4 Medium2026-03-25
CVE-2026-32508 WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability — HalsteinCWE-502 5.4 Medium2026-03-25
CVE-2026-27081 WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability — RosebudCWE-98 8.1 High2026-03-25
CVE-2026-27079 WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability — AmfissaCWE-98 8.1 High2026-03-25
CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability — DestonCWE-98 8.1 High2026-03-25
CVE-2026-27076 WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability — LuxeDriveCWE-98 8.1 High2026-03-25
CVE-2026-27078 WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability — EmaurriCWE-98 8.1 High2026-03-25
CVE-2026-27077 WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability — MultiOfficeCWE-98 8.1 High2026-03-25
CVE-2026-27075 WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability — BelfortCWE-98 8.1 High2026-03-25
CVE-2026-27047 WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability — Curly CoreCWE-98 8.1 High2026-03-25
CVE-2026-27341 WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability — TopScorer - Sports WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-27342 WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability — TopFit - Fitness and Gym WordPress ThemeCWE-98 8.1 High2026-03-05
CVE-2026-22457 WordPress Wanderland theme <= 1.5 - Local File Inclusion vulnerability — WanderlandCWE-98 8.1 High2026-03-05
CVE-2026-22429 WordPress Verdure theme <= 1.6 - Local File Inclusion vulnerability — VerdureCWE-98 8.1 High2026-03-05
CVE-2026-22427 WordPress GoTravel theme <= 2.1 - Local File Inclusion vulnerability — GoTravelCWE-98 8.1 High2026-03-05
CVE-2026-22414 WordPress Marra theme <= 1.2 - Local File Inclusion vulnerability — MarraCWE-98 8.1 High2026-03-05
CVE-2026-22410 WordPress Dolcino theme <= 1.6 - Local File Inclusion vulnerability — DolcinoCWE-98 8.1 High2026-03-05
CVE-2026-22408 WordPress Justicia theme <= 1.2 - Local File Inclusion vulnerability — JusticiaCWE-98 8.1 High2026-03-05
CVE-2026-22412 WordPress Eona theme <= 1.3 - Local File Inclusion vulnerability — EonaCWE-98 8.1 High2026-03-05
CVE-2026-22413 WordPress Malgré theme <= 1.0.3 - Local File Inclusion vulnerability — MalgréCWE-98 8.1 High2026-03-05
CVE-2026-22405 WordPress Overton theme <= 1.3 - Local File Inclusion vulnerability — OvertonCWE-98 8.1 High2026-03-05
CVE-2026-22399 WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability — HolmesCWE-98 8.1 High2026-03-05
CVE-2026-22403 WordPress Innovio theme <= 1.9 - Local File Inclusion vulnerability — InnovioCWE-98 8.1 High2026-03-05
CVE-2026-22397 WordPress Fleur theme <= 2.2.1 - Local File Inclusion vulnerability — FleurCWE-98 8.1 High2026-03-05
CVE-2026-22394 WordPress Evently theme <= 1.7 - Local File Inclusion vulnerability — EventlyCWE-98 8.1 High2026-03-05
CVE-2026-22392 WordPress Cortex theme <= 1.9 - Local File Inclusion vulnerability — CortexCWE-98 8.1 High2026-03-05
CVE-2026-22395 WordPress Fiorello theme <= 1.0 - Local File Inclusion vulnerability — FiorelloCWE-98 8.1 High2026-03-05
CVE-2026-22387 WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability — AvianaCWE-98 8.1 High2026-03-05
CVE-2026-22389 WordPress Cocco theme <= 2.0 - Local File Inclusion vulnerability — CoccoCWE-98 8.1 High2026-03-05

This page lists every published CVE security advisory associated with Mikado-Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.