Browse all 12 CVE security advisories affecting RexTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rextheme develops WordPress themes and plugins for website building, with 12 CVEs recorded primarily involving remote code execution and cross-site scripting vulnerabilities. Historically, their products have faced issues in insufficient input validation and improper access controls, leading to privilege escalation risks. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Their themes' extensive functionality and integration with multiple WordPress plugins create complex attack surfaces that require careful configuration and regular updates to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62885 | WordPress WP VR plugin <= 8.5.48 - Cross Site Scripting (XSS) vulnerability — WP VRCWE-79 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-47452 | WordPress WP VR plugin <= 8.5.26 - Arbitrary File Upload Vulnerability — WP VRCWE-434 | 9.9 | Critical | 2025-06-17 |
| CVE-2025-24730 | WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability — WP VRCWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2024-49680 | WordPress WP VR plugin <= 8.5.5 - Broken Access Control vulnerability — WP VRCWE-862 | 4.3 | Medium | 2024-11-19 |
| CVE-2024-49293 | WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability — WP VRCWE-862 | 4.3 | Medium | 2024-10-21 |
| CVE-2023-40663 | WordPress WP VR Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS) — WP VRCWE-79 | 7.1 | High | 2023-09-27 |
This page lists every published CVE security advisory associated with RexTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.