ThemeGoods — Vulnerabilities & Security Advisories 44

Browse all 44 CVE security advisories affecting ThemeGoods. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeGoods operates as a digital marketplace specializing in WordPress themes and plugins, primarily targeting e-commerce and business sectors. Its extensive product catalog has historically attracted significant security scrutiny, resulting in forty-four recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes affecting its offerings include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation and insecure file handling practices. Additionally, privilege escalation flaws have been documented, allowing unauthorized users to gain administrative access. These issues frequently arise from outdated codebases or poorly maintained third-party libraries integrated into the themes. While the company provides updates to address critical flaws, the high volume of past incidents highlights persistent challenges in maintaining rigorous security standards across a diverse portfolio of user-generated and commercial software components.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-60116 | WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerability | Grand Conference Theme Custom Post Type | CWE-862 | 5.4 | Medium | 2025-09-26 |
| CVE-2025-47579 | WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability | Photography | CWE-502 | 9.0 | Critical | 2025-09-09 |
| CVE-2025-47584 | WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability | Photography | CWE-502 | 8.5 | High | 2025-06-06 |
| CVE-2025-39485 | WordPress GrandTour theme <= 5.6 - PHP Object Injection vulnerability | Grand Tour | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-32926 | WordPress Grand Restaurant WordPress theme <= 7.0 - Path Traversal to PHP Object Injection vulnerability | Grand Restaurant | CWE-22 | 9.8 | Critical | 2025-05-19 |
| CVE-2025-32928 | WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability | Altair | CWE-502 | 9.8 | Critical | 2025-05-19 |
| CVE-2025-39348 | WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability | Grand Restaurant | CWE-502 | 9.8 | Critical | 2025-05-19 |
| CVE-2025-39352 | WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability | Grand Restaurant | CWE-862 | 8.2 | High | 2025-05-19 |
| CVE-2025-39354 | WordPress Grand Conference theme <= 5.3 - PHP Object Injection vulnerability | Grand Conference | CWE-502 | 9.8 | Critical | 2025-05-19 |
| CVE-2025-39353 | WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability | Grand Restaurant | CWE-862 | 5.3 | Medium | 2025-05-19 |
| CVE-2025-39351 | WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability | Grand Restaurant | CWE-352 | 4.3 | Medium | 2025-05-19 |
| CVE-2025-30964 | WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability | Photography | CWE-918 | 5.4 | Medium | 2025-04-15 |
| CVE-2024-12922 | Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current | Altair | CWE-862 | 9.8 | Critical | 2025-03-19 |
| CVE-2025-22702 | WordPress Photography Theme <= 7.7.2 - Broken Access Control Vulnerability | Photography | CWE-862 | 6.3 | Medium | 2025-02-14 |

This page lists every published CVE security advisory associated with ThemeGoods. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.