Browse all 3 CVE security advisories affecting Nouthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nouthemes develops WordPress themes and templates for website creation, primarily serving small businesses and bloggers. Historically, their products have been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to insufficient input validation and insecure file handling. These vulnerabilities often stem from inadequate sanitization of user-supplied data in theme options and template files. While no major public security incidents have been documented, the three CVEs associated with their products highlight recurring issues in access control and security hardening. Their themes typically require regular updates to address newly discovered flaws, emphasizing the importance of maintaining current versions to mitigate potential exploitation risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-10589 | Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | Leopard - WordPress Offload Media | CWE-862 | 9.8 | Critical | 2024-11-09 |
| CVE-2024-43257 | WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability | Leopard - WordPress offload media | CWE-200 | 6.5 | Medium | 2024-08-26 |
| CVE-2024-43256 | WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability | Leopard - WordPress offload media | CWE-862 | 7.1 | High | 2024-08-19 |

This page lists every published CVE security advisory associated with Nouthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.