Themeisle — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting Themeisle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeisle operates as a developer of WordPress plugins and themes, primarily offering free and premium tools for site optimization, SEO, and design. Its extensive portfolio has historically been associated with a significant volume of security vulnerabilities, currently totaling 86 recorded CVEs. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and unauthenticated remote code execution (RCE), often stemming from insufficient input validation and weak access controls within plugin code. Notable incidents include critical RCE vulnerabilities in popular plugins like OceanWP and Zakra, which allowed attackers to execute arbitrary commands on compromised servers. The high frequency of these issues highlights systemic challenges in maintaining rigorous security standards across a large, diverse suite of open-source and commercial web components, necessitating frequent updates and strict adherence to secure coding practices to mitigate risks for end-users.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-27958 | WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability | Visualizer | CWE-79 | 7.1 | High | 2024-03-17 |
| CVE-2024-1499 | Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1497 | Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-2126 | Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1323 | Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-02-27 |
| CVE-2024-1317 | RSS Aggregator by Feedzy <= 4.4.2 - Authenticated (Contributor+) SQL Injection | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-89 | 8.8 | High | 2024-02-20 |
| CVE-2024-1318 | RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-862 | 6.5 | Medium | 2024-02-20 |
| CVE-2024-0508 | Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated (Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-02-05 |
| CVE-2024-1092 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-284 | 4.3 | Medium | 2024-02-05 |
| CVE-2024-1162 | Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-352 | 4.3 | Medium | 2024-02-02 |
| CVE-2024-1047 | ThemeIsle SDK <= Various Versions - Missing Authorization | Menu Icons by ThemeIsle | CWE-862 | 5.3 | Medium | 2024-02-02 |
| CVE-2023-7019 | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | CWE-862 | 4.3 | Medium | 2024-01-11 |
| CVE-2023-6781 | Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-20 | 6.4 | Medium | 2024-01-11 |
| CVE-2023-6798 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-862 | 5.4 | Medium | 2024-01-06 |
| CVE-2023-6801 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Authenticated (Author+) Stored Cross-Site Scripting | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-79 | 6.4 | Medium | 2024-01-06 |
| CVE-2023-47529 | WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure | Cloud Templates & Patterns collection | CWE-200 | 5.3 | Medium | 2023-11-23 |
| CVE-2023-33927 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection | Multiple Page Generator Plugin – MPG | CWE-89 | 7.6 | High | 2023-10-31 |
| CVE-2020-36758 | RSS Aggregator by Feedzy <= 3.4.2 - Cross-Site Request Forgery Bypass | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2020-36759 | Woody code snippets <= 2.3.9 - Cross-Site Request Forgery Bypass | Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-4887 | Google Maps Plugin by Intergeo <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Google Maps Plugin by Intergeo | CWE-79 | 6.4 | Medium | 2023-09-12 |
| CVE-2023-2607 | Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection | Multiple Page Generator Plugin – MPG | CWE-89 | 7.2 | High | 2023-06-09 |
| CVE-2023-2608 | Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection | Multiple Page Generator Plugin – MPG | CWE-352 | 3.1 | Low | 2023-05-17 |
| CVE-2023-23708 | WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS) | Visualizer: Tables and Charts Manager for WordPress | CWE-79 | 6.5 | Medium | 2023-05-03 |
| CVE-2022-46848 | WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS) | Visualizer: Tables and Charts Manager for WordPress | CWE-79 | 6.5 | Medium | 2023-03-28 |
| CVE-2022-47143 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF) | Multiple Page Generator Plugin – MPG | CWE-352 | 4.3 | Medium | 2023-03-14 |
| CVE-2022-2444 | Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization | Visualizer: Tables and Charts Manager for WordPress | CWE-502 | 8.8 | High | 2022-07-18 |

This page lists every published CVE security advisory associated with Themeisle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.