Browse all 4 CVE security advisories affecting Spoonthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spoonthemes develops WordPress themes and website templates for businesses and developers. Historically, their products have been vulnerable to multiple security issues, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, as evidenced by their four recorded CVEs. These flaws often stem from insufficient input validation and improper access controls in theme files. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests a need for improved security practices in their development lifecycle. Users should implement regular updates and security hardening measures when using their themes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13375 | Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset | Adifier System | CWE-620 | 9.8 | Critical | 2025-01-18 |
| CVE-2023-49753 | WordPress Adifier System plugin < 3.1.4 - Local File Inclusion vulnerability | Adifier System | CWE-22 | 7.5 | High | 2024-05-17 |
| CVE-2023-49750 | WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection | Couponis - Affiliate & Submitting Coupons WordPress Theme | CWE-89 | 9.3 | Critical | 2023-12-19 |
| CVE-2023-49187 | WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS) | Adifier - Classified Ads WordPress Theme | CWE-79 | 7.1 | High | 2023-12-15 |

This page lists every published CVE security advisory associated with Spoonthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.