ThemeGoods — Vulnerabilities & Security Advisories 44

Browse all 44 CVE security advisories affecting ThemeGoods. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeGoods operates as a digital marketplace specializing in WordPress themes and plugins, primarily targeting e-commerce and business sectors. Its extensive product catalog has historically attracted significant security scrutiny, resulting in forty-four recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes affecting its offerings include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation and insecure file handling practices. Additionally, privilege escalation flaws have been documented, allowing unauthorized users to gain administrative access. These issues frequently arise from outdated codebases or poorly maintained third-party libraries integrated into the themes. While the company provides updates to address critical flaws, the high volume of past incidents highlights persistent challenges in maintaining rigorous security standards across a diverse portfolio of user-generated and commercial software components.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39635 | WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability | Grand Magazine | CWE-352 | 5.4 | Medium | 2026-04-08 |
| CVE-2026-39633 | WordPress Grand Car Rental theme <= 3.6.9 - Cross Site Request Forgery (CSRF) vulnerability | Grand Car Rental | CWE-352 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-39634 | WordPress Grand Portfolio theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability | Grand Portfolio | CWE-352 | 5.4 | Medium | 2026-04-08 |
| CVE-2026-39632 | WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability | Grand Blog | CWE-352 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-39603 | WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability | Grand Photography | CWE-352 | 5.4 | Medium | 2026-04-08 |
| CVE-2026-27043 | WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability | Photography | CWE-434 | 7.2 | High | 2026-03-19 |
| CVE-2026-27367 | WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability | Musico | CWE-79 | 7.1 | High | 2026-03-05 |
| CVE-2026-27358 | WordPress Architecturer theme < 3.9.5 - Cross Site Scripting (XSS) vulnerability | Architecturer | CWE-79 | 7.1 | High | 2026-03-05 |
| CVE-2026-27353 | WordPress Grand News \| Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability | Grand News | CWE-79 | 7.1 | High | 2026-03-05 |
| CVE-2026-27352 | WordPress Starto theme < 2.2.5 - Cross Site Scripting (XSS) vulnerability | Starto | CWE-79 | 7.1 | High | 2026-03-05 |
| CVE-2026-27348 | WordPress Photography theme < 7.7.6 - Cross Site Scripting (XSS) vulnerability | Photography | CWE-79 | 7.1 | High | 2026-03-05 |
| CVE-2026-22417 | WordPress Grand Wedding theme < 3.1.11 - PHP Object Injection vulnerability | Grand Wedding | CWE-502 | 9.8 | Critical | 2026-03-05 |
| CVE-2026-24949 | WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability | PhotoMe | CWE-79 | 7.1 | High | 2026-02-20 |
| CVE-2026-24943 | WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability | Grand Conference | CWE-79 | 7.1 | High | 2026-02-20 |
| CVE-2025-69370 | WordPress Capella theme <= 2.5.5 - PHP Object Injection vulnerability | Capella | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2025-69301 | WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability | PhotoMe | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2026-23542 | WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability | Grand Restaurant | CWE-502 | 9.8 | Critical | 2026-02-19 |
| CVE-2026-24961 | WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability | Grand Blog | CWE-918 | 5.4 | Medium | 2026-02-03 |
| CVE-2026-24381 | WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability | PhotoMe | CWE-918 | 5.4 | Medium | 2026-01-22 |
| CVE-2025-69321 | WordPress Grand Spa theme <= 3.5.5 - Reflected Cross Site Scripting (XSS) vulnerability | Grand Spa | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-69320 | WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability | Grand Magazine | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-68538 | WordPress Craft \| Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability | Craft | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-68520 | WordPress DotLife theme < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | DotLife | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-68518 | WordPress Hoteller theme < 6.8.9 - Reflected Cross Site Scripting (XSS) vulnerability | Hoteller | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-68510 | WordPress Photography theme < 7.7.5 - Local File Inclusion vulnerability | Photography | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-67952 | WordPress Grand Tour theme < 5.6.2 - Cross Site Scripting (XSS) vulnerability | Grand Tour | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-63026 | WordPress Grand Restaurant Theme Elements for Elementor plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability | Grand Restaurant Theme Elements for Elementor | CWE-79 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-67922 | WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability | Grand Restaurant | CWE-79 | 7.1 | High | 2026-01-08 |
| CVE-2025-64217 | WordPress Photography theme <= 7.7.2 - Cross Site Scripting (XSS) vulnerability | Photography | CWE-79 | 7.1 | High | 2025-12-18 |
| CVE-2025-64224 | WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Cross Site Scripting (XSS) vulnerability | Grand Conference Theme Custom Post Type | CWE-79 | 7.1 | High | 2025-11-06 |

This page lists every published CVE security advisory associated with ThemeGoods. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.