Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Select-Themes — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting Select-Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Select-Themes operates primarily as a provider of WordPress themes and plugins, catering to web developers and site owners seeking pre-designed templates for content management systems. Security audits have identified twenty-three distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, highlighting significant risks in its codebase. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, instances of privilege escalation have been documented, allowing unauthorized users to gain administrative access. These flaws frequently arise from outdated coding practices and a lack of rigorous security testing prior to release. The accumulation of these CVEs suggests a pattern of neglecting critical security patches, posing substantial threats to websites relying on Select-Themes products without timely updates or additional security hardening measures.

Top products by Select-Themes: Stockholm Core Stockholm Prowess Select Core Struktur Don Peppe SetSail Membership Dessau SetSail Moments Mixtape Borgholm
CVE IDTitleCVSSSeverityPublished
CVE-2026-32502 WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability — BorgholmCWE-502 9.8 Critical2026-03-25
CVE-2026-25457 WordPress Mixtape theme <= 2.1 - Local File Inclusion vulnerability — MixtapeCWE-98 8.1 High2026-03-25
CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability — MomentsCWE-98 8.1 High2026-03-25
CVE-2026-22446 WordPress Prowess theme <= 1.8.1 - Local File Inclusion vulnerability — ProwessCWE-98 8.1 High2026-03-05
CVE-2026-22449 WordPress Don Peppe theme <= 1.3 - Local File Inclusion vulnerability — Don PeppeCWE-98 8.1 High2026-03-05
CVE-2026-22423 WordPress SetSail theme <= 1.8 - Local File Inclusion vulnerability — SetSailCWE-98 8.1 High2026-03-05
CVE-2025-69407 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability — StrukturCWE-98 8.1 High2026-02-20
CVE-2026-24531 WordPress Prowess theme <= 2.3 - Local File Inclusion vulnerability — ProwessCWE-98 7.5 High2026-01-23
CVE-2026-22450 WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability — Don PeppeCWE-862 4.3 Medium2026-01-22
CVE-2026-22447 WordPress Prowess theme <= 1.8.1 - Broken Access Control vulnerability — ProwessCWE-862 4.3 Medium2026-01-22
CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability — StrukturCWE-639 5.4 Medium2025-12-30
CVE-2025-68077 WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability — StockholmCWE-79 6.5 Medium2025-12-16
CVE-2025-68076 WordPress Stockholm Core plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability — Stockholm CoreCWE-79 6.5 Medium2025-12-16
CVE-2025-68068 WordPress Stockholm theme <= 9.14.1 - Local File Inclusion vulnerability — StockholmCWE-98 7.5 High2025-12-16
CVE-2025-68067 WordPress Stockholm Core plugin <= 2.4.6 - Local File Inclusion vulnerability — Stockholm CoreCWE-98 7.5 High2025-12-16
CVE-2025-67539 WordPress Select Core plugin < 2.6 - Cross Site Scripting (XSS) vulnerability — Select CoreCWE-79 6.5 Medium2025-12-09
CVE-2025-67521 WordPress Select Core plugin < 2.6 - Local File Inclusion vulnerability — Select CoreCWE-98 7.5 High2025-12-09
CVE-2025-39463 WordPress Dessau theme < 1.9 - Local File Inclusion vulnerability — DessauCWE-98 7.5 High2025-11-06
CVE-2025-1564 SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover — SetSail MembershipCWE-288 9.8 Critical2025-03-01
CVE-2024-34554 WordPress Stockholm Core plugin <= 2.4.1 - Local File Inclusion vulnerability — Stockholm CoreCWE-22 8.5 High2024-06-04
CVE-2024-34552 WordPress Stockholm theme <= 9.6 - Local File Inclusion vulnerability — StockholmCWE-22 8.5 High2024-06-04
CVE-2024-34551 WordPress Stockholm theme <= 9.6 - Unauthenticated Local File Inclusion vulnerability — StockholmCWE-22 9.0 Critical2024-06-04
CVE-2024-34553 WordPress Stockholm Core plugin <= 2.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Stockholm CoreCWE-79 7.1 High2024-05-08

This page lists every published CVE security advisory associated with Select-Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.