ThemeREX — Vulnerabilities & Security Advisories (125)

Browse all 125 CVE security advisories affecting ThemeREX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeREX operates as a prominent developer of premium WordPress themes and plugins, primarily targeting enterprise and corporate web solutions. Security audits have identified a significant volume of vulnerabilities within its ecosystem, with over 125 Common Vulnerabilities and Exposures (CVEs) currently on record. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from inadequate input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. The high frequency of these issues suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and third-party library management. While the company provides support channels, the sheer number of disclosed vulnerabilities highlights persistent challenges in maintaining robust security hygiene across its extensive product portfolio, posing substantial risks to organizations relying on its software infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27988 | WordPress Equadio theme <= 1.1.3 - Local File Inclusion vulnerability — Equadio (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-27989 | WordPress Quanzo theme <= 1.0.10 - Local File Inclusion vulnerability — Quanzo (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-27986 | WordPress OsTende theme <= 1.4.3 - Local File Inclusion vulnerability — OsTende (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-27985 | WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability — Humanum (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-27987 | WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability — The Qlean (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-27439 | WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability — Dentario (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-27437 | WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability — Tennis Club (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-27438 | WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability — Kingler (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-22474 | WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability — Equestrian Centre (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-22454 | WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability — Solaris (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-22452 | WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability — Hoverex (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-22453 | WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability — Pets Club (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-22443 | WordPress Alliance theme <= 3.1.1 - Local File Inclusion vulnerability — Alliance (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2025-54001 | WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability — Classter (CWE-502) | 9.8 | Critical | 2026-03-05 |
| CVE-2025-53335 | WordPress Berger theme <= 1.1.1 - Local File Inclusion vulnerability — Berger (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2025-69405 | WordPress Lorem Ipsum \| Books & Media Store theme <= 1.2.11 - PHP Object Injection vulnerability — Lorem Ipsum \| Books & Media Store (CWE-502) | 9.8 | Critical | 2026-02-20 |
| CVE-2025-69406 | WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability — FreightCo (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69404 | WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability — Extreme Store (CWE-502) | 9.8 | Critical | 2026-02-20 |
| CVE-2025-69402 | WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability — R&F (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69399 | WordPress Cobble theme <= 1.7 - Local File Inclusion vulnerability — Cobble (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69400 | WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability — Yokoo (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69398 | WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability — Plank (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69397 | WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability — Tint (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69395 | WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability — Gable (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69396 | WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability — Splendour (CWE-98) | 8.1 | High | 2026-02-20 |
| CVE-2025-69079 | WordPress Sound \| Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability — Sound \| Musical Instruments Online Store (CWE-502) | 9.8 | Critical | 2026-01-22 |
| CVE-2025-69081 | WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability — Hope (CWE-98) | 8.1 | High | 2026-01-07 |
| CVE-2025-49890 | WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability — Organic Beauty (CWE-502) | 9.8 | Critical | 2025-08-20 |
| CVE-2025-6997 | ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function — ThemeREX Addons (CWE-79) | 6.4 | Medium | 2025-07-19 |
| CVE-2024-13786 | Education Center \| LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection — Education Center \| LMS & Online Courses WordPress Theme (CWE-502) | 9.8 | Critical | 2025-07-02 |

This page lists every published CVE security advisory associated with ThemeREX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.