Browse all 4 CVE security advisories affecting ModelTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ModelTheme is a WordPress theme provider offering customizable templates for websites. Historically, their themes have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by four recorded CVEs. These weaknesses often stem from insufficient input validation and improper permission checks. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests a need for improved security practices in theme development. Users should maintain regular updates and implement additional security measures to mitigate potential risks associated with these themes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69303 | WordPress ModelTheme Framework plugin < 2.0.0 - Broken Access Control vulnerability — ModelTheme FrameworkCWE-862 | 7.5 | High | 2026-02-20 |
| CVE-2025-68531 | WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability — ModelTheme Addons for WPBakery and ElementorCWE-502 | 8.8 | High | 2026-02-20 |
| CVE-2025-68532 | WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - Cross Site Scripting (XSS) vulnerability — ModelTheme Addons for WPBakery and ElementorCWE-79 | 6.5 | Medium | 2025-12-24 |
| CVE-2024-52445 | WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.4 - PHP Object Injection vulnerability — QRMenu Restaurant QR Menu LiteCWE-502 | 8.8 | High | 2024-11-20 |
This page lists every published CVE security advisory associated with ModelTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.