Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Themegrill — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting Themegrill. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeGrill develops WordPress themes and plugins for website building, with 13 CVEs recorded. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. Notable security characteristics include regular but inconsistent patching cycles, with some critical vulnerabilities remaining unaddressed for extended periods. While no major public security incidents have been widely documented, the pattern of recurring flaws in their codebase suggests ongoing challenges in secure development practices, potentially exposing users to significant risks if timely updates are not applied.

CVE IDTitleCVSSSeverityPublished
CVE-2026-4804 Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API — ZakraCWE-79 6.4 Medium2026-07-03
CVE-2026-52701 WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability — User RegistrationCWE-862 6.5 Medium2026-06-26
CVE-2026-54807 WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability — Registration Form for WooCommerceCWE-266 9.8 Critical2026-06-17
CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability — User Registration StripeCWE-862 8.2 High2026-06-17
CVE-2026-40726 WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability — User Registration StripeCWE-862 8.2 High2026-06-17
CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability — Masteriyo - LMSCWE-347 6.5 Medium2026-06-15
CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability — Masteriyo - LMSCWE-862 7.5 High2026-06-15
CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability — User RegistrationCWE-862 7.5 High2026-06-15
CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability — Masteriyo - LMSCWE-266 8.8 High2026-06-15
CVE-2026-40730 WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability — ThemeGrill Demo ImporterCWE-862 5.3 Medium2026-04-15
CVE-2025-9331 Spacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import — SpaciousCWE-862 4.3 Medium2025-08-22
CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation — ColorMagCWE-862 4.3 Medium2025-08-20
CVE-2025-8595 Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import — ZakraCWE-862 4.3 Medium2025-08-06
CVE-2020-36837 ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset — ThemeGrill Demo ImporterCWE-862 9.9 Critical2024-10-16
CVE-2024-39629 WordPress Himalayas theme <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — HimalayasCWE-79 5.9 Medium2024-08-01
CVE-2024-37432 WordPress Esteem theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability — EsteemCWE-79 5.9 Medium2024-07-22
CVE-2024-34571 WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — HimalayasCWE-79 6.5 Medium2024-05-08
CVE-2024-33540 WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability — ColorNewsCWE-79 6.5 Medium2024-04-29
CVE-2024-2500 ColorMag <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name — ColorMagCWE-79 6.4 Medium2024-03-22
CVE-2024-1462 Maintenance Page <= 1.0.8 - Security Mechanism Bypass via REST API — Maintenance PageCWE-284 5.3 Medium2024-03-13
CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure — Maintenance PageCWE-284 5.3 Medium2024-03-13
CVE-2024-0679 ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation — ColorMagCWE-862 6.5 Medium2024-01-20

This page lists every published CVE security advisory associated with Themegrill. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.