Themesflat — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting Themesflat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themesflat is a WordPress theme provider offering templates for business and portfolio websites. Historically, their themes have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. With 16 CVEs on record, Themesflat's products have faced recurring security concerns, particularly in areas of file handling and user permissions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in theme development and regular updates for users.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39500 | WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability | themesflat-addons-for-elementor | CWE-79 | 6.5 | Medium | 2026-04-08 |
| CVE-2025-69382 | WordPress Themesflat Elementor plugin <= 1.0.1 - PHP Object Injection vulnerability | Themesflat Elementor | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2025-59007 | WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability | TF Woo Product Grid Addon For Elementor | CWE-502 | 9.8 | Critical | 2025-10-22 |
| CVE-2025-3275 | Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | Themesflat Addons For Elementor | CWE-79 | 6.4 | Medium | 2025-04-19 |
| CVE-2025-31567 | WordPress Themesflat Addons For Elementor plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability | themesflat-addons-for-elementor | CWE-79 | 6.5 | Medium | 2025-03-31 |
| CVE-2024-12205 | Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | Themesflat Addons For Elementor | CWE-79 | 6.4 | Medium | 2025-01-08 |
| CVE-2024-53796 | WordPress Themesflat Addons For Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability | themesflat-addons-for-elementor | CWE-79 | 6.5 | Medium | 2024-12-06 |
| CVE-2024-49310 | WordPress Themesflat Addons For Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | themesflat-addons-for-elementor | CWE-79 | 6.5 | Medium | 2024-10-17 |
| CVE-2024-8516 | Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure | Themesflat Addons For Elementor | CWE-200 | 4.3 | Medium | 2024-09-25 |
| CVE-2024-8515 | Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | Themesflat Addons For Elementor | CWE-79 | 6.4 | Medium | 2024-09-25 |
| CVE-2024-4458 | Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs | Themesflat Addons For Elementor | CWE-79 | 6.4 | Medium | 2024-06-06 |
| CVE-2024-4212 | Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets | Themesflat Addons For Elementor | CWE-79 | 6.4 | Medium | 2024-06-06 |
| CVE-2024-4459 | Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles | Themesflat Addons For Elementor | CWE-87 | 6.4 | Medium | 2024-06-06 |
| CVE-2024-2922 | Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags | Themesflat Addons For Elementor | CWE-79 | 6.4 | Medium | 2024-06-06 |
| CVE-2024-35666 | WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | Themesflat Addons For Elementor | CWE-79 | 6.5 | Medium | 2024-06-04 |
| CVE-2023-37390 | WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection | Themesflat Addons For Elementor | CWE-502 | 8.3 | High | 2023-12-19 |

This page lists every published CVE security advisory associated with Themesflat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.