ShineTheme — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting ShineTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ShineTheme operates as a provider of WordPress themes and plugins, primarily targeting small businesses and e-commerce platforms seeking customizable web designs. Security audits reveal a concerning pattern of vulnerabilities, with twenty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from insufficient input validation and inadequate sanitization of user-supplied data. Privilege escalation issues further compound the risk, allowing unauthorized users to gain administrative access. While specific major incidents are not widely publicized in mainstream media, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. The lack of robust security controls suggests that users relying on ShineTheme products may face significant exposure to data breaches and unauthorized system modifications, necessitating rigorous third-party security assessments and immediate patching of identified vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25449 | WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability | Traveler | CWE-502 | 9.8 | Critical | 2026-03-18 |
| CVE-2026-24367 | WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability | Traveler | CWE-89 | 8.5 | High | 2026-01-22 |
| CVE-2025-67917 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability | Traveler | CWE-862 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-64371 | WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability | Traveler | CWE-89 | 8.5 | High | 2025-12-18 |
| CVE-2025-64372 | WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability | Traveler | CWE-79 | 7.1 | High | 2025-12-18 |
| CVE-2025-64373 | WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability | Traveler | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-49300 | WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability | Traveler Option Tree | CWE-201 | 2.7 | Low | 2025-12-16 |
| CVE-2025-63028 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability | Traveler | CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-59012 | WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | Traveler | CWE-79 | 7.1 | High | 2025-09-26 |
| CVE-2025-59011 | WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability | Traveler | CWE-862 | 7.5 | High | 2025-09-26 |
| CVE-2025-52714 | WordPress Traveler theme < 3.2.2 - SQL Injection Vulnerability | Traveler | CWE-89 | 9.3 | Critical | 2025-07-16 |
| CVE-2025-26733 | WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability | Traveler | CWE-862 | 8.2 | High | 2025-03-27 |
| CVE-2025-26873 | WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability | Traveler | CWE-502 | 9.0 | Critical | 2025-03-27 |
| CVE-2025-26898 | WordPress Traveler theme < 3.2.1 - SQL Injection vulnerability | Traveler | CWE-89 | 9.3 | Critical | 2025-03-27 |
| CVE-2025-26956 | WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability | Traveler | CWE-862 | 7.6 | High | 2025-03-27 |
| CVE-2025-1771 | Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post | Travel Booking WordPress Theme | CWE-98 | 9.8 | Critical | 2025-03-15 |
| CVE-2025-1773 | Traveler <= 3.1.8 - Reflected Cross-Site Scripting | Travel Booking WordPress Theme | CWE-79 | 6.1 | Medium | 2025-03-15 |
| CVE-2024-12811 | Traveler <= 3.1.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode | Travel Booking WordPress Theme | CWE-98 | 8.8 | High | 2025-02-27 |
| CVE-2025-22700 | WordPress Traveler Code plugin < 3.1.3 - Subscriber+ Arbitrary SQL Execution vulnerability | Traveler Code | CWE-89 | 8.5 | High | 2025-02-04 |
| CVE-2025-22699 | WordPress Traveler Code plugin < 3.1.2 - Unauthenticated Arbitrary SQL Execution vulnerability | Traveler Code | CWE-89 | 9.0 | Critical | 2025-02-04 |
| CVE-2025-22701 | WordPress Traveler Layout Essential For Elementor plugin < 1.4 - Server Side Request Forgery (SSRF) vulnerability | Traveler Layout Essential For Elementor | CWE-918 | 5.4 | Medium | 2025-02-03 |
| CVE-2024-11912 | Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id | Travel Booking WordPress Theme | CWE-89 | 7.5 | High | 2024-12-18 |
| CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions | Travel Booking WordPress Theme | CWE-862 | 6.5 | Medium | 2024-12-18 |

This page lists every published CVE security advisory associated with ShineTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.