Mikado-Themes — Vulnerabilities & Security Advisories (70)

Browse all 70 CVE security advisories affecting Mikado-Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mikado-Themes operates as a provider of WordPress themes and plugins, primarily targeting e-commerce and general website design. Security audits have identified seventy confirmed Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these vulnerabilities predominantly stem from insufficient input validation and improper access controls, resulting in critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative access. While specific high-profile incidents involving widespread data breaches are not widely publicized, the sheer volume of CVEs indicates systemic issues in the development lifecycle. The lack of robust sanitization in theme functions has consistently exposed user data and server integrity to exploitation. This pattern suggests that security testing was not a primary focus during the software’s creation, leaving numerous installations vulnerable to automated attacks and manual exploitation by threat actors seeking to compromise WordPress-based infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22383 | WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability | PawFriends - Pet Shop and Veterinary WordPress Theme | CWE-639 | 7.5 | High | 2026-02-20 |
| CVE-2026-22381 | WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability | PawFriends - Pet Shop and Veterinary WordPress Theme | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22344 | WordPress FiveStar theme <= 1.7 - Local File Inclusion vulnerability | FiveStar | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2025-69408 | WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability | HealthFirst | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-24631 | WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability | Rosebud | CWE-639 | 5.4 | Medium | 2026-01-23 |
| CVE-2026-22458 | WordPress Wanderland theme <= 1.5 - Broken Access Control vulnerability | Wanderland | CWE-862 | 4.3 | Medium | 2026-01-22 |
| CVE-2026-22430 | WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability | Verdure | CWE-639 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-22411 | WordPress Dolcino theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability | Dolcino | CWE-639 | 5.4 | Low | 2026-01-22 |
| CVE-2026-22407 | WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability | Roam | CWE-639 | 5.4 | Low | 2026-01-22 |
| CVE-2026-22409 | WordPress Justicia theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability | Justicia | CWE-639 | 5.4 | Low | 2026-01-22 |
| CVE-2026-22406 | WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability | Overton | CWE-639 | 5.4 | Low | 2026-01-22 |
| CVE-2026-22398 | WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability | Fleur | CWE-639 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-22404 | WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | Innovio | CWE-639 | 5.4 | Low | 2026-01-22 |
| CVE-2026-22400 | WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | Holmes | CWE-639 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-22391 | WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability | Cocco | CWE-639 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-22393 | WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability | Curly | CWE-639 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-22396 | WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability | Fiorello | CWE-639 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-22382 | WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability | PawFriends - Pet Shop and Veterinary WordPress Theme | CWE-352 | 5.4 | Medium | 2026-01-22 |
| CVE-2025-67940 | WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability | Powerlift | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-67938 | WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability | Biagiotti | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-54003 | WordPress Depot theme <= 1.16 - Local File Inclusion vulnerability | Depot | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-67937 | WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability | Hendon | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-67936 | WordPress Curly theme < 3.3 - Local File Inclusion vulnerability | Curly | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-67935 | WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability | Optimize | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-67934 | WordPress Wellspring theme < 2.8 - Local File Inclusion vulnerability | Wellspring | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-69034 | WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability | Lekker | CWE-98 | 8.1 | High | 2025-12-30 |
| CVE-2025-69030 | WordPress Backpack Traveler theme <= 2.10.3 - Insecure Direct Object References (IDOR) vulnerability | Backpack Traveler | CWE-639 | 5.4 | Medium | 2025-12-30 |
| CVE-2025-69032 | WordPress FiveStar theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | FiveStar | CWE-639 | 5.4 | Medium | 2025-12-30 |
| CVE-2025-67515 | WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability | Wilmër | CWE-98 | 8.8 | High | 2025-12-09 |
| CVE-2025-66532 | WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability | Powerlift | CWE-862 | 4.3 | Medium | 2025-12-09 |

This page lists every published CVE security advisory associated with Mikado-Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.