
Themekraft — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting Themekraft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeKraft operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and digital product sectors. Security audits reveal a concerning pattern of twenty recorded Common Vulnerabilities and Exposures (CVEs), indicating persistent weaknesses in code quality and input validation. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions or access restricted resources. These flaws frequently arise from outdated dependencies and lack of rigorous security testing during the development lifecycle. While no single catastrophic data breach has been publicly attributed solely to ThemeKraft, the cumulative impact of these vulnerabilities poses significant risks to downstream websites relying on their software, necessitating immediate patching and enhanced security protocols to mitigate potential exploitation by malicious actors.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62973 | WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability | BuddyForms | CWE-862 | 5.3 | Medium | 2025-10-27 |
| CVE-2025-32151 | WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability | BuddyForms | CWE-98 | 7.5 | High | 2025-04-04 |
| CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | CWE-862 | 4.3 | Medium | 2025-03-01 |
| CVE-2025-1780 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | CWE-862 | 4.3 | Medium | 2025-03-01 |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-79 | 6.4 | Medium | 2025-02-22 |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-79 | 6.4 | Medium | 2025-01-31 |
| CVE-2024-47377 | WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability | BuddyForms | CWE-79 | 5.9 | Medium | 2024-10-05 |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-269 | 8.8 | High | 2024-09-14 |
| CVE-2024-35726 | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability | WooBuddy | CWE-862 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-330 | 6.5 | Medium | 2024-06-05 |
| CVE-2024-32830 | WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability | BuddyForms | CWE-22 | 8.6 | High | 2024-05-17 |
| CVE-2024-32603 | WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability | WooBuddy | CWE-502 | 8.5 | High | 2024-04-18 |
| CVE-2024-30198 | WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability | BuddyForms | CWE-79 | 5.8 | Medium | 2024-03-27 |
| CVE-2024-2025 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | CWE-502 | 8.8 | High | 2024-03-23 |
| CVE-2024-1158 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-862 | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1170 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-862 | 8.2 | High | 2024-03-07 |
| CVE-2024-1169 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | CWE-862 | 7.5 | High | 2024-03-07 |
| CVE-2023-5823 | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) | TK Google Fonts GDPR Compliant | CWE-352 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-25981 | WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) | Post Form | CWE-79 | 6.5 | Medium | 2023-08-25 |
| CVE-2022-38971 | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) | Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | CWE-79 | 4.7 | Medium | 2023-03-16 |

This page lists every published CVE security advisory associated with Themekraft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.