Browse all 7 CVE security advisories affecting ThemeNectar. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ThemeNectar develops WordPress themes and page builders for website creation and customization. Historically, the platform has been associated with multiple remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. With seven CVEs documented, security researchers have identified consistent patterns in authentication bypass flaws and insecure direct object reference issues. While no major public security incidents have been widely reported, the cumulative vulnerabilities highlight ongoing challenges in secure coding practices for WordPress theme development, particularly in dynamic content rendering and user permission management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62028 | WordPress Salient theme < 17.4.0 - Broken Access Control vulnerability — SalientCWE-862 | 4.3 | Medium | 2025-11-06 |
This page lists every published CVE security advisory associated with ThemeNectar. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.