Browse all 7 CVE security advisories affecting ThemePunch OHG. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ThemePunch OHG develops WordPress themes and plugins, primarily for creating responsive websites and sliders. Historically, their products have been vulnerable to multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. The company has recorded seven CVEs, with several critical flaws allowing attackers to execute arbitrary code or compromise administrative access. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their extensions suggests potential risks for unpatched installations. Users are advised to maintain updated versions and implement security best practices when using ThemePunch OHG's products.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-47771 | WordPress Essential Grid plugin <= 3.0.18 - Multiple Authenticated Broken Access Control vulnerability — Essential GridCWE-862 | 8.3 | High | 2024-06-19 |
| CVE-2023-47684 | WordPress Essential Grid Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) — Essential GridCWE-79 | 7.1 | High | 2023-11-13 |
This page lists every published CVE security advisory associated with ThemePunch OHG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.