PureThemes — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting PureThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PureThemes develops WordPress themes and templates for website creation. Historically, their products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The company has accumulated 15 CVEs to date, with multiple instances allowing attackers to execute arbitrary code or compromise administrative accounts. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their themes suggests ongoing challenges in secure development practices, potentially exposing users to significant risks if timely updates are not applied.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14938 | Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload | Listeo-Core - Directory Plugin by Purethemes | CWE-434 | 5.3 | Medium | 2026-04-04 |
| CVE-2026-25461 | WordPress Listeo Core plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability | Listeo Core | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2025-67960 | WordPress WorkScout-Core plugin <= 1.7.06 - Cross Site Scripting (XSS) vulnerability | WorkScout-Core | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-67959 | WordPress WorkScout theme <= 4.1.07 - Cross Site Scripting (XSS) vulnerability | WorkScout | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-67932 | WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability | Listeo Core | CWE-79 | 7.1 | High | 2026-01-08 |
| CVE-2025-8413 | Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode | Listeo - Directory & Listings With Booking - WordPress Theme | CWE-79 | 6.4 | Medium | 2025-10-25 |
| CVE-2025-59571 | WordPress WorkScout-Core plugin < 1.7.06 - Cross Site Scripting (XSS) vulnerability | WorkScout-Core | CWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-59572 | WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability | WorkScout-Core | CWE-352 | 8.8 | High | 2025-09-22 |
| CVE-2025-49404 | WordPress Listeo-Core Plugin < 2.0.7 - SQL Injection Vulnerability | Listeo Core | CWE-89 | 8.5 | High | 2025-08-28 |
| CVE-2025-2232 | Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' | Realteo | CWE-269 | 9.8 | Critical | 2025-03-14 |
| CVE-2021-24317 | Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities | Listeo | CWE-79 | 6.1 | - | 2021-06-01 |
| CVE-2021-24318 | Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities | Listeo | CWE-284 | 6.5 | - | 2021-06-01 |
| CVE-2021-24246 | WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS | Workscout Core | CWE-79 | 5.4 | - | 2021-05-05 |
| CVE-2021-24238 | Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR | Realteo | CWE-284 | 6.5 | - | 2021-04-22 |
| CVE-2021-24237 | Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) | Realteo | CWE-79 | 6.1 | - | 2021-04-22 |

This page lists every published CVE security advisory associated with PureThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.