Browse all 3 CVE security advisories affecting NiteoThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
NiteoThemes develops WordPress themes and plugins for website customization. Historically, their products have been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to insufficient input validation and improper sanitization. The company has three CVEs on record, primarily affecting their themes' administrative interfaces. Security researchers have identified consistent patterns in their codebase that allow attackers to execute arbitrary code or inject malicious scripts through crafted requests. While no major public security incidents have been documented, the recurring nature of these vulnerabilities suggests a need for improved security practices in their development lifecycle.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-32118 | WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability | CMP – Coming Soon & Maintenance | CWE-434 | 9.1 | Critical | 2025-04-04 |
| CVE-2025-31769 | WordPress CLP – Custom Login Page by NiteoThemes plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability | CLP – Custom Login Page by NiteoThemes | CWE-352 | 4.3 | Medium | 2025-04-01 |
| CVE-2023-50374 | WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability | CMP – Coming Soon & Maintenance | CWE-918 | 5.5 | Medium | 2024-03-28 |
This page lists every published CVE security advisory associated with NiteoThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.