Browse all 7 CVE security advisories affecting NasaTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
NasaTheme is a WordPress theme designed for space and astronomy websites, offering pre-built templates for NASA-related content. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The theme's security record includes seven CVEs, with some instances allowing attackers to execute arbitrary code or gain elevated administrative access. These vulnerabilities typically arise in theme options, shortcodes, and file upload mechanisms, posing significant risks to unpatched installations. No major public security incidents have been widely reported, though the consistent discovery of flaws highlights ongoing security challenges in its development and maintenance.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-39508 | WordPress Nasa Core Plugin <= 6.4.4 - Cross Site Scripting (XSS) vulnerability | Nasa Core | CWE-79 | 7.1 | High | 2025-06-17 |
| CVE-2025-49067 | WordPress Nasa Core plugin < 6.4.1 - Cross Site Scripting (XSS) vulnerability | Nasa Core | CWE-79 | 6.5 | Medium | 2025-06-06 |
| CVE-2025-39506 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability | Nasa Core | CWE-98 | 8.1 | High | 2025-05-23 |
| CVE-2025-39507 | WordPress Nasa Core Plugin <= 6.4.4 - Local File Inclusion vulnerability | Nasa Core | CWE-98 | 7.5 | High | 2025-05-16 |
This page lists every published CVE security advisory associated with NasaTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.