Browse all 31 CVE security advisories affecting ThemeHunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ThemeHunk operates as a commercial provider of WordPress themes and plugins, primarily targeting small-to-medium businesses seeking pre-designed web templates. Security audits reveal a concerning pattern of vulnerabilities, with thirty-one Common Vulnerabilities and Exposures (CVEs) currently documented. The most prevalent issues involve Cross-Site Scripting (XSS) and SQL Injection, stemming from inadequate input sanitization and improper output escaping in user-facing forms. Additionally, several instances of Remote Code Execution (RCE) and privilege escalation have been identified, often resulting from weak authentication mechanisms or insecure file upload handlers. These flaws allow attackers to compromise site integrity, steal user data, or gain administrative control. The high volume of recorded CVEs suggests systemic weaknesses in the development lifecycle, highlighting a critical need for rigorous code review and security testing before deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9378 | Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes — Vayu Blocks – Website Builder for the Block Editor (CWE-79) | 6.4 | Medium | 2025-09-03 |
| CVE-2025-4420 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter — Vayu Blocks – Website Builder for the Block Editor (CWE-79) | 6.4 | Medium | 2025-06-03 |
| CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation — Vayu Blocks – Website Builder for the Block Editor (CWE-284) | 9.8 | Critical | 2024-12-12 |
This page lists every published CVE security advisory associated with ThemeHunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.