Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ShineTheme — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting ShineTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ShineTheme operates as a provider of WordPress themes and plugins, primarily targeting small businesses and e-commerce platforms seeking customizable web designs. Security audits reveal a concerning pattern of vulnerabilities, with twenty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from insufficient input validation and inadequate sanitization of user-supplied data. Privilege escalation issues further compound the risk, allowing unauthorized users to gain administrative access. While specific major incidents are not widely publicized in mainstream media, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. The lack of robust security controls suggests that users relying on ShineTheme products may face significant exposure to data breaches and unauthorized system modifications, necessitating rigorous third-party security assessments and immediate patching of identified vulnerabilities.

Found 14 results / 23Clear Filters
Top products by ShineTheme: Traveler Travel Booking WordPress Theme Traveler Code Traveler Layout Essential For Elementor Traveler Option Tree
CVE IDTitleCVSSSeverityPublished
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability — TravelerCWE-502 9.8 Critical2026-03-18
CVE-2026-24367 WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability — TravelerCWE-89 8.5 High2026-01-22
CVE-2025-67917 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability — TravelerCWE-862 6.5 Medium2026-01-08
CVE-2025-64373 WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability — TravelerCWE-98 8.1 High2025-12-18
CVE-2025-64372 WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability — TravelerCWE-79 7.1 High2025-12-18
CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability — TravelerCWE-89 8.5 High2025-12-18
CVE-2025-63028 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability — TravelerCWE-862 5.3 Medium2025-12-09
CVE-2025-59012 WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — TravelerCWE-79 7.1 High2025-09-26
CVE-2025-59011 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability — TravelerCWE-862 7.5 High2025-09-26
CVE-2025-52714 WordPress Traveler theme < 3.2.2 - SQL Injection Vulnerability — TravelerCWE-89 9.3 Critical2025-07-16
CVE-2025-26733 WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability — TravelerCWE-862 8.2 High2025-03-27
CVE-2025-26873 WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability — TravelerCWE-502 9.0 Critical2025-03-27
CVE-2025-26898 WordPress Traveler theme < 3.2.1 - SQL Injection vulnerability — TravelerCWE-89 9.3 Critical2025-03-27
CVE-2025-26956 WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability — TravelerCWE-862 7.6 High2025-03-27

This page lists every published CVE security advisory associated with ShineTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.