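20 CVEs associated with the vendor ThemeKraft, with AI-generated Chinese-language analysis, POC, CVSS scores and affected products.
ThemeKraft mainly provides WordPress theme and plugin development services. Components in its ecosystem have historically shown frequent high-risk vulnerabilities such as remote code execution, cross-site scripting and unauthorized access, with 20 CVEs recorded in total. These flaws mostly stem from missing input validation or lax permission controls, which let attackers easily gain control of the server or steal user data. Given its broad market share, fixing these vulnerabilities deserves serious attention, and users are advised to update promptly to avoid potential risk.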
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62973 | WordPress plugin BuddyForms security vulnerability — BuddyForms (CWE-862) | 5.3 | Medium | 2025-10-27 |
| CVE-2025-32151 | WordPress plugin BuddyForms security vulnerability — BuddyForms (CWE-98) | 7.5 | High | 2025-04-04 |
| CVE-2024-13358 | WordPress plugin BuddyPress WooCommerce My Account Integration security vulnerability — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CWE-862) | 4.3 | Medium | 2025-03-01 |
| CVE-2025-1780 | WordPress plugin BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages security vulnerability — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CWE-862) | 4.3 | Medium | 2025-03-01 |
| CVE-2024-12038 | WordPress plugin BuddyForms cross-site scripting vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-79) | 6.4 | Medium | 2025-02-22 |
| CVE-2024-12037 | WordPress plugin Post Form cross-site scripting vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-79) | 6.4 | Medium | 2025-01-31 |
| CVE-2024-47377 | WordPress plugin BuddyForms cross-site scripting vulnerability — BuddyForms (CWE-79) | 5.9 | Medium | 2024-10-05 |
| CVE-2024-8246 | WordPress plugin Post Form security vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-269) | 8.8 | High | 2024-09-14 |
| CVE-2024-35726 | WordPress plugin WooBuddy security vulnerability — WooBuddy (CWE-862) | 4.3 | Medium | 2024-06-10 |
| CVE-2024-5149 | WordPress plugin BuddyForms security vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-330) | 6.5 | Medium | 2024-06-05 |
| CVE-2024-32830 | WordPress plugin BuddyForms path traversal vulnerability — BuddyForms (CWE-22) | 8.6 | High | 2024-05-17 |
| CVE-2024-32603 | WordPress Plugin BuddyPress code issue vulnerability — WooBuddy (CWE-502) | 8.5 | High | 2024-04-18 |
| CVE-2024-30198 | WordPress Plugin BuddyForms security vulnerability — BuddyForms (CWE-79) | 5.8 | Medium | 2024-03-27 |
| CVE-2024-2025 | WordPress Plugin BuddyPress WooCommerce My Account Integration security vulnerability — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CWE-502) | 8.8 | High | 2024-03-23 |
| CVE-2024-1158 | WordPress Plugin Post Form security vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-862) | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1170 | WordPress Plugin buddyforms security vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-862) | 8.2 | High | 2024-03-07 |
| CVE-2024-1169 | WordPress Plugin buddyforms security vulnerability — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (CWE-862) | 7.5 | High | 2024-03-07 |
| CVE-2023-5823 | WordPress Plugin TK Google Fonts GDPR Compliant cross-site request forgery vulnerability — TK Google Fonts GDPR Compliant (CWE-352) | 4.3 | Medium | 2023-11-06 |
| CVE-2023-25981 | WordPress Plugin BuddyForms cross-site scripting vulnerability — Post Form (CWE-79) | 6.5 | Medium | 2023-08-25 |
| CVE-2022-38971 | WordPress plugin BuddyForms cross-site scripting vulnerability — Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions (CWE-79) | 4.7 | Medium | 2023-03-16 |
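This page summarizes all 20 CVEs publicly disclosed to date for the vendor ThemeKraft. Each entry includes its CVSS score, CWE weakness classification, affected products and reference links, along with AI-generated Chinese-language analysis to help assess the risk quickly.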