Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ThemeMakers — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting ThemeMakers. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeMakers develops WordPress themes and website templates, primarily serving small businesses and bloggers seeking customizable website solutions. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. With nine CVEs documented, their themes have repeatedly exposed users to significant security risks, including unauthorized administrative access and complete website compromise. These vulnerabilities typically arise from outdated components, poor sanitization practices, and inadequate security reviews, making ThemeMakers a notable concern for WordPress administrators prioritizing security.

Top products by ThemeMakers: Car Dealer Automotive WordPress Theme – Responsive Car Dealer ThemeMakers PayPal Express Checkout ThemeMakers Stripe Checkout ThemeMakers Visual Content Composer
CVE IDTitleCVSSSeverityPublished
CVE-2026-24391 WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability — Car DealerCWE-79 7.1 High2026-03-25
CVE-2025-53299 WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability — ThemeMakers Visual Content ComposerCWE-502 9.8 Critical2025-08-20
CVE-2025-39480 WordPress Car Dealer theme < 1.6.8 - PHP Object Injection vulnerability — Car DealerCWE-502 9.8 Critical2025-05-23
CVE-2025-1687 Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile — Car Dealer Automotive WordPress Theme – ResponsiveCWE-352 8.8 High2025-02-27
CVE-2025-1681 Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files — Car Dealer Automotive WordPress Theme – ResponsiveCWE-862 5.4 Medium2025-02-27
CVE-2025-1682 Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation — Car Dealer Automotive WordPress Theme – ResponsiveCWE-862 8.8 High2025-02-27
CVE-2025-1690 ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ThemeMakers Stripe CheckoutCWE-79 6.4 Medium2025-02-27
CVE-2025-1282 Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read — Car Dealer Automotive WordPress Theme – ResponsiveCWE-22 8.8 High2025-02-27
CVE-2025-1689 ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ThemeMakers PayPal Express CheckoutCWE-79 6.4 Medium2025-02-27

This page lists every published CVE security advisory associated with ThemeMakers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.