Browse all 36 CVE security advisories affecting Themefic. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Themefic operates as a provider of WordPress themes and plugins, primarily targeting small to medium-sized businesses seeking pre-designed web templates. Security audits reveal a concerning pattern of thirty-six recorded Common Vulnerabilities and Exposures (CVEs), indicating systemic weaknesses in code quality and input validation. Historically, the platform has been susceptible to critical vulnerability classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. These flaws often stem from insufficient sanitization of user inputs and improper handling of file uploads, allowing attackers to execute arbitrary commands or steal session data. Additionally, instances of privilege escalation have been documented, enabling unauthorized users to gain administrative access. While specific major incidents involving widespread data breaches are not prominently detailed in public records, the high volume of CVEs suggests a persistent need for rigorous security patching and code review processes to mitigate ongoing risks for dependent websites.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-29136 | WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability | Tourfic | CWE-502 | 8.5 | High | 2024-03-19 |
| CVE-2024-29137 | WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability | Tourfic | CWE-79 | 7.1 | High | 2024-03-19 |
| CVE-2023-30495 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection | Ultimate Addons for Contact Form 7 | CWE-89 | 8.5 | High | 2023-12-20 |
| CVE-2023-49766 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | Ultimate Addons for Contact Form 7 | CWE-79 | 7.1 | High | 2023-12-14 |
| CVE-2023-30493 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | Ultimate Addons for Contact Form 7 | CWE-79 | 7.1 | High | 2023-09-27 |
| CVE-2022-47586 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection | Ultimate Addons for Contact Form 7 | CWE-89 | 8.2 | High | 2023-06-19 |
This page lists every published CVE security advisory associated with Themefic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.