Browse all 44 CVE security advisories affecting ThemeGoods. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ThemeGoods operates as a digital marketplace specializing in WordPress themes and plugins, primarily targeting e-commerce and business sectors. Its extensive product catalog has historically attracted significant security scrutiny, resulting in forty-four recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes affecting its offerings include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation and insecure file handling practices. Additionally, privilege escalation flaws have been documented, allowing unauthorized users to gain administrative access. These issues frequently arise from outdated codebases or poorly maintained third-party libraries integrated into the themes. While the company provides updates to address critical flaws, the high volume of past incidents highlights persistent challenges in maintaining rigorous security standards across a diverse portfolio of user-generated and commercial software components.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27352 | WordPress Starto theme < 2.2.5 - Cross Site Scripting (XSS) vulnerability — Starto, CWE-79 | 7.1 | High | 2026-03-05 |

This page lists every published CVE security advisory associated with ThemeGoods. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.