Browse all 9 CVE security advisories affecting ThemeMakers. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ThemeMakers develops WordPress themes and website templates, primarily serving small businesses and bloggers seeking customizable website solutions. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. With nine CVEs documented, their themes have repeatedly exposed users to significant security risks, including unauthorized administrative access and complete website compromise. These vulnerabilities typically arise from outdated components, poor sanitization practices, and inadequate security reviews, making ThemeMakers a notable concern for WordPress administrators prioritizing security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-53299 | WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability — ThemeMakers Visual Content ComposerCWE-502 | 9.8 | Critical | 2025-08-20 |
This page lists every published CVE security advisory associated with ThemeMakers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.