Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ShineTheme — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting ShineTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ShineTheme operates as a provider of WordPress themes and plugins, primarily targeting small businesses and e-commerce platforms seeking customizable web designs. Security audits reveal a concerning pattern of vulnerabilities, with twenty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from insufficient input validation and inadequate sanitization of user-supplied data. Privilege escalation issues further compound the risk, allowing unauthorized users to gain administrative access. While specific major incidents are not widely publicized in mainstream media, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. The lack of robust security controls suggests that users relying on ShineTheme products may face significant exposure to data breaches and unauthorized system modifications, necessitating rigorous third-party security assessments and immediate patching of identified vulnerabilities.

Found 5 results / 23Clear Filters
Top products by ShineTheme: Traveler Travel Booking WordPress Theme Traveler Code Traveler Layout Essential For Elementor Traveler Option Tree
CVE IDTitleCVSSSeverityPublished
CVE-2025-1771 Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post — Travel Booking WordPress ThemeCWE-98 9.8 Critical2025-03-15
CVE-2025-1773 Traveler <= 3.1.8 - Reflected Cross-Site Scripting — Travel Booking WordPress ThemeCWE-79 6.1 Medium2025-03-15
CVE-2024-12811 Traveler <= 3.1.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode — Travel Booking WordPress ThemeCWE-98 8.8 High2025-02-27
CVE-2024-11912 Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id — Travel Booking WordPress ThemeCWE-89 7.5 High2024-12-18
CVE-2024-11926 Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions — Travel Booking WordPress ThemeCWE-862 6.5 Medium2024-12-18

This page lists every published CVE security advisory associated with ShineTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.