Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ThemeMakers — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting ThemeMakers. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeMakers develops WordPress themes and website templates, primarily serving small businesses and bloggers seeking customizable website solutions. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. With nine CVEs documented, their themes have repeatedly exposed users to significant security risks, including unauthorized administrative access and complete website compromise. These vulnerabilities typically arise from outdated components, poor sanitization practices, and inadequate security reviews, making ThemeMakers a notable concern for WordPress administrators prioritizing security.

Found 4 results / 9Clear Filters
Top products by ThemeMakers: Car Dealer Automotive WordPress Theme – Responsive Car Dealer ThemeMakers PayPal Express Checkout ThemeMakers Stripe Checkout ThemeMakers Visual Content Composer
CVE IDTitleCVSSSeverityPublished
CVE-2025-1687 Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile — Car Dealer Automotive WordPress Theme – ResponsiveCWE-352 8.8 High2025-02-27
CVE-2025-1681 Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files — Car Dealer Automotive WordPress Theme – ResponsiveCWE-862 5.4 Medium2025-02-27
CVE-2025-1682 Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation — Car Dealer Automotive WordPress Theme – ResponsiveCWE-862 8.8 High2025-02-27
CVE-2025-1282 Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read — Car Dealer Automotive WordPress Theme – ResponsiveCWE-22 8.8 High2025-02-27

This page lists every published CVE security advisory associated with ThemeMakers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.