Themepoints — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Themepoints. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themepoints is a digital experience platform enabling organizations to create and manage branded web applications and portals. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its 18 recorded CVEs. Security researchers have frequently identified authentication bypass weaknesses and insecure direct object references in its components. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across different versions suggests potential risks for organizations relying on the platform without rigorous patch management and security hardening.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-69350 | WordPress Accordion plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability | Accordion | CWE-79 | 5.9 | Medium | 2026-01-06 |
| CVE-2025-69335 | WordPress Team Showcase plugin <= 2.9 - Cross Site Scripting (XSS) vulnerability | Team Showcase | CWE-79 | 6.5 | Medium | 2026-01-06 |
| CVE-2025-62060 | WordPress Tab Ultimate plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | Tab Ultimate | CWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-58652 | WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | Carousel Ultimate | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58684 | WordPress Logo Showcase plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | Logo Showcase | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58820 | WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | Carousel Ultimate | CWE-79 | 5.9 | Medium | 2025-09-05 |
| CVE-2025-47497 | WordPress Logo Showcase plugin <= 3.0.4 - Cross Site Scripting (XSS) Vulnerability | Logo Showcase | CWE-79 | 6.5 | Medium | 2025-05-07 |
| CVE-2024-13704 | Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting | Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress | CWE-80 | 7.2 | High | 2025-02-18 |
| CVE-2025-22805 | WordPress Skill Bar Plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability | Skill Bar | CWE-79 | 6.5 | Medium | 2025-01-09 |
| CVE-2024-12699 | Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | Service Box | CWE-79 | 6.4 | Medium | 2025-01-07 |
| CVE-2024-43959 | WordPress Super Testimonials plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | Testimonials | CWE-79 | 7.1 | High | 2024-09-25 |
| CVE-2024-31348 | WordPress Super Testimonials plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability | Testimonials | CWE-79 | 6.5 | Medium | 2024-04-07 |
| CVE-2023-47809 | WordPress Accordion Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS) | Accordion | CWE-79 | 5.9 | Medium | 2023-11-22 |
| CVE-2023-5667 | Tab Ultimate <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Tab Ultimate | CWE-79 | 6.4 | Medium | 2023-11-22 |
| CVE-2023-5666 | Accordion <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Accordions – Responsive Accordion & FAQ Plugin for WordPress | CWE-79 | 6.4 | Medium | 2023-10-30 |
| CVE-2023-5613 | Super Testimonials <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress | CWE-79 | 6.4 | Medium | 2023-10-20 |
| CVE-2023-5639 | Team Showcase <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Team Showcase – Responsive Team Members Grid, Slider & Carousel Plugin | CWE-79 | 6.4 | Medium | 2023-10-19 |
| CVE-2021-36858 | WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Testimonials (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-10-28 |

This page lists every published CVE security advisory associated with Themepoints. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.