Browse all 15 CVE security advisories affecting PureThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PureThemes develops WordPress themes and templates for website creation. Historically, their products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The company has accumulated 15 CVEs to date, with multiple instances allowing attackers to execute arbitrary code or compromise administrative accounts. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their themes suggests ongoing challenges in secure development practices, potentially exposing users to significant risks if timely updates are not applied.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67960 | WordPress WorkScout-Core plugin <= 1.7.06 - Cross Site Scripting (XSS) vulnerability — WorkScout-CoreCWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-59571 | WordPress WorkScout-Core plugin < 1.7.06 - Cross Site Scripting (XSS) vulnerability — WorkScout-CoreCWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-59572 | WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability — WorkScout-CoreCWE-352 | 8.8 | High | 2025-09-22 |
This page lists every published CVE security advisory associated with PureThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.