Browse all 3 CVE security advisories affecting ThemeSphere. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ThemeSphere is a WordPress theme provider offering customizable templates for websites and online stores. Historically, the platform has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. With three CVEs documented, these vulnerabilities have allowed attackers to execute arbitrary code, manipulate website content, and gain unauthorized administrative access. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in ThemeSphere's products highlights ongoing security challenges in third-party WordPress themes, emphasizing the need for rigorous code reviews and prompt patch management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64216 | WordPress SmartMag theme <= 10.3.0 - Local File Inclusion vulnerability — SmartMagCWE-98 | 7.5 | High | 2025-10-29 |
| CVE-2025-64204 | WordPress SmartMag theme <= 10.3.1 - Cross Site Scripting (XSS) vulnerability — SmartMagCWE-79 | 6.5 | Medium | 2025-10-29 |
| CVE-2024-37930 | WordPress SmartMag theme < 10.1.0 - Sensitive Data Exposure via Log File vulnerability — SmartMagCWE-532 | 5.3 | Medium | 2024-08-12 |
This page lists every published CVE security advisory associated with ThemeSphere. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.