Browse all 3 CVE security advisories affecting RSTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RSTheme is a WordPress theme provider offering pre-designed templates for websites, primarily targeting small to medium businesses. Historically, the themes have been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper permission checks. The three publicly disclosed CVEs affecting RSTheme products highlight ongoing security concerns, with RCE vulnerabilities being particularly severe as they can allow complete compromise of affected websites. Security researchers have noted that some RSTheme implementations contain hardcoded credentials and other insecure coding practices, increasing attack surfaces for potential breaches.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-26745 | WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability — RS Elements Elementor AddonCWE-79 | 6.5 | Medium | 2025-04-15 |
| CVE-2025-24543 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability — Ultimate Coming Soon & MaintenanceCWE-352 | 4.3 | Medium | 2025-01-24 |
| CVE-2025-24546 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability — Ultimate Coming Soon & MaintenanceCWE-352 | 5.4 | Medium | 2025-01-24 |
This page lists every published CVE security advisory associated with RSTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.