ThemeREX — Vulnerabilities & Security Advisories (125)

Browse all 125 CVE security advisories affecting ThemeREX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeREX operates as a prominent developer of premium WordPress themes and plugins, primarily targeting enterprise and corporate web solutions. Security audits have identified a significant volume of vulnerabilities within its ecosystem, with over 125 Common Vulnerabilities and Exposures (CVEs) currently on record. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from inadequate input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. The high frequency of these issues suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and third-party library management. While the company provides support channels, the sheer number of disclosed vulnerabilities highlights persistent challenges in maintaining robust security hygiene across its extensive product portfolio, posing substantial risks to organizations relying on its software infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28028 | WordPress MoneyFlow theme <= 1.0 - Local File Inclusion vulnerability — MoneyFlow CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28027 | WordPress Kayon theme <= 1.3 - Local File Inclusion vulnerability — Kayon CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28026 | WordPress Motorix theme <= 1.6 - Local File Inclusion vulnerability — Motorix CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28025 | WordPress Stargaze theme <= 1.5 - Local File Inclusion vulnerability — Stargaze CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28023 | WordPress Nuts theme <= 1.10 - Local File Inclusion vulnerability — Nuts CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28022 | WordPress Foodie theme <= 1.14 - Local File Inclusion vulnerability — Foodie CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28021 | WordPress Craftis theme <= 1.2.8 - Local File Inclusion vulnerability — Craftis CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28019 | WordPress Manoir theme <= 1.11 - Local File Inclusion vulnerability — Manoir CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28020 | WordPress Chroma theme <= 1.11 - Local File Inclusion vulnerability — Chroma CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28018 | WordPress Global Logistics theme <= 3.20 - Local File Inclusion vulnerability — Global Logistics CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28013 | WordPress Kratz theme <= 1.0.12 - Local File Inclusion vulnerability — Kratz CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28015 | WordPress ShiftCV theme <= 3.0.14 - Local File Inclusion vulnerability — ShiftCV CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28017 | WordPress Green Thumb theme <= 1.1.12 - Local File Inclusion vulnerability — Green Thumb CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28014 | WordPress Translogic theme <= 1.2.11 - Local File Inclusion vulnerability — Translogic CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28016 | WordPress Luxury Wine theme <= 1.1.14 - Local File Inclusion vulnerability — Luxury Wine CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28010 | WordPress Scientia theme <= 1.2.4 - Local File Inclusion vulnerability — Scientia CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28012 | WordPress Gridiron theme <= 1.0.14 - Local File Inclusion vulnerability — Gridiron CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28009 | WordPress DroneX theme <= 1.1.12 - Local File Inclusion vulnerability — DroneX CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28011 | WordPress Yottis theme <= 1.0.10 - Local File Inclusion vulnerability — Yottis CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27996 | WordPress Lingvico theme <= 1.0.14 - Local File Inclusion vulnerability — Lingvico CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27997 | WordPress Maxify theme <= 1.0.16 - Local File Inclusion vulnerability — Maxify CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27998 | WordPress Vixus theme <= 1.0.16 - Local File Inclusion vulnerability — Vixus CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27995 | WordPress Justitia theme <= 1.1.0 - Local File Inclusion vulnerability — Justitia CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28007 | WordPress Coinpress theme <= 1.0.14 - Local File Inclusion vulnerability — Coinpress CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28006 | WordPress Yungen theme <= 1.0.12 - Local File Inclusion vulnerability — Yungen CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27994 | WordPress Tediss theme <= 1.2.4 - Local File Inclusion vulnerability — Tediss CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27991 | WordPress Avventure theme <= 1.1.12 - Local File Inclusion vulnerability — Avventure CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27992 | WordPress Meals & Wheels theme <= 1.1.12 - Local File Inclusion vulnerability — Meals & Wheels CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27993 | WordPress Aldo theme <= 1.0.10 - Local File Inclusion vulnerability — Aldo CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27990 | WordPress ConFix theme <= 1.013 - Local File Inclusion vulnerability — ConFix CWE-98 | 8.1 | High | 2026-03-05 |

This page lists every published CVE security advisory associated with ThemeREX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.