ThemeMove — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting ThemeMove. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeMove operates as a provider of WordPress themes and plugins, primarily targeting users seeking customizable website designs. Its software portfolio has been associated with twenty-five recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. Analysis of these vulnerabilities reveals a prevalence of critical flaws, including remote code execution, cross-site scripting, and privilege escalation issues. These defects often stem from insufficient input validation and inadequate sanitization of user-supplied data within the application’s core functions. While specific major incidents involving widespread exploitation are not extensively documented in public threat intelligence feeds, the high volume of CVEs suggests systemic weaknesses in the development lifecycle. Security researchers advise administrators to prioritize regular updates and rigorous patch management to mitigate risks associated with these known defects, ensuring that the underlying infrastructure remains resilient against potential exploitation attempts.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25027 | WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability | Unicamp | CWE-98 | 7.5 | High | 2026-02-03 |
| CVE-2025-22708 | WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability | Mitech | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-22707 | WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability | Moody | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-14430 | WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability | Brook | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-14429 | WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability | AeroLand | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-60069 | WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability | MinimogWP | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-68061 | WordPress EduMall theme <= 4.4.7 - Local File Inclusion vulnerability | EduMall | CWE-98 | 7.5 | High | 2025-12-16 |
| CVE-2025-68062 | WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability | MinimogWP | CWE-98 | 7.5 | High | 2025-12-16 |
| CVE-2025-59557 | WordPress Learts Addons Plugin < 1.7.5 - SQL Injection Vulnerability | Learts Addons | CWE-89 | 9.3 | Critical | 2025-10-22 |
| CVE-2025-59564 | WordPress EduMall Theme < 4.4.5 - Local File Inclusion Vulnerability | EduMall | CWE-98 | 8.1 | High | 2025-10-22 |
| CVE-2025-59555 | WordPress Medizin Theme < 1.9.7 - Local File Inclusion Vulnerability | Medizin | CWE-98 | 8.1 | High | 2025-10-22 |
| CVE-2025-59558 | WordPress Billey Theme < 2.1.6 - Local File Inclusion Vulnerability | Billey | CWE-98 | 8.1 | High | 2025-10-22 |
| CVE-2025-58967 | WordPress Businext theme < 2.4.4 - Local File Inclusion vulnerability | Businext | CWE-98 | 8.1 | High | 2025-10-22 |
| CVE-2025-58958 | WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability | SmilePure | CWE-98 | 8.1 | High | 2025-10-22 |
| CVE-2025-53303 | WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability | ThemeMove Core | CWE-502 | 8.8 | High | 2025-09-09 |
| CVE-2025-58206 | WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability | MaxCoach | CWE-98 | 8.1 | High | 2025-09-05 |
| CVE-2025-58210 | WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability | Makeaholic | CWE-862 | 5.3 | Medium | 2025-09-03 |
| CVE-2025-54700 | WordPress Makeaholic Theme <= 1.8.4 - Local File Inclusion Vulnerability | Makeaholic | CWE-98 | 8.1 | High | 2025-08-14 |
| CVE-2025-54701 | WordPress Unicamp Theme <= 2.6.3 - Local File Inclusion Vulnerability | Unicamp | CWE-98 | 8.1 | High | 2025-08-14 |
| CVE-2025-8198 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation | MinimogWP – The High Converting eCommerce WordPress Theme | CWE-472 | 7.5 | High | 2025-07-26 |
| CVE-2025-39474 | WordPress Amely theme <= 3.1.4 - SQL Injection vulnerability | Amely | CWE-89 | 9.3 | Critical | 2025-06-27 |
| CVE-2025-32309 | WordPress Healsoul theme <= 2.2.3 - Local File Inclusion Vulnerability | Healsoul | CWE-98 | 8.1 | High | 2025-05-23 |
| CVE-2025-32310 | WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability | QuickCal - Appointment Booking Calendar for WordPress | CWE-352 | 8.8 | High | 2025-05-16 |
| CVE-2025-2101 | Edumall <= 4.2.4 - Unauthenticated Local File Inclusion | EduMall - Professional LMS Education Center WordPress Theme | CWE-98 | 8.1 | High | 2025-04-26 |
| CVE-2024-13790 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion | MinimogWP – The High Converting eCommerce WordPress Theme | CWE-98 | 9.8 | Critical | 2025-03-19 |

This page lists every published CVE security advisory associated with ThemeMove. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.