Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ThemeLooks — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting ThemeLooks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themelooks develops WordPress themes and website templates primarily for small businesses and online portfolios. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. Security researchers have identified multiple instances of hardcoded credentials and insecure direct object references in their themes. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities across their product line suggests significant security shortcomings in their development practices, resulting in 13 documented CVEs to date.

Top products by ThemeLooks: Enter Addons – Ultimate Template Builder for Elementor Enter Addons mFolio Lite FoodBook
CVE IDTitleCVSSSeverityPublished
CVE-2026-25014 WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability — Enter AddonsCWE-352 4.3 Medium2026-02-03
CVE-2025-8687 Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets — Enter Addons – Ultimate Template Builder for ElementorCWE-79 6.4 Medium2025-12-13
CVE-2025-60125 WordPress FoodBook Plugin <= 4.7.6 - Sensitive Data Exposure Vulnerability — FoodBookCWE-201 5.3 Medium2025-09-26
CVE-2025-31847 WordPress mFolio Lite plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability — mFolio LiteCWE-79 6.5 Medium2025-04-01
CVE-2024-56252 WordPress Enter Addons plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability — Enter AddonsCWE-79 6.5 Medium2025-01-02
CVE-2024-10868 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure — Enter Addons – Ultimate Template Builder for ElementorCWE-639 4.3 Medium2024-11-23
CVE-2024-9307 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files — mFolio LiteCWE-434 9.9 Critical2024-11-06
CVE-2024-47625 WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability — Enter AddonsCWE-79 6.5 Medium2024-10-05
CVE-2024-7611 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget — Enter Addons – Ultimate Template Builder for ElementorCWE-79 6.4 Medium2024-09-06
CVE-2024-43225 WordPress Enter Addons plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability — Enter AddonsCWE-79 6.5 Medium2024-08-12
CVE-2024-37263 WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability — Enter AddonsCWE-79 6.5 Medium2024-07-22
CVE-2024-3831 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget — Enter Addons – Ultimate Template Builder for ElementorCWE-79 6.4 Medium2024-05-09
CVE-2024-3680 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag — Enter Addons – Ultimate Template Builder for ElementorCWE-79 6.4 Medium2024-05-09

This page lists every published CVE security advisory associated with ThemeLooks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.