Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Themify — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting Themify. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themify is a WordPress theme and plugin provider enabling website customization through drag-and-drop builders. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security researchers have identified multiple instances where insufficient sanitization allowed attackers to execute arbitrary code or manipulate content. The project maintains 14 CVE records, with recurring patterns in file handling and user permission management. While no major public breaches have been widely documented, the consistent presence of similar vulnerability types across multiple releases indicates ongoing challenges in secure coding practices.

Top products by Themify: Themify Ultra Post Type Builder (PTB) Themify Portfolio Post Themify Builder Themify Event Post Themify Shortcodes Themify Edmin Shopo Themify Sidepane WordPress Theme
CVE IDTitleCVSSSeverityPublished
CVE-2025-30996 Arbitrary File Upload Vulnerability in WordPress themes by Themify — Themify Sidepane WordPress ThemeCWE-434 9.9 Critical2026-01-06
CVE-2025-31048 WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability — ShopoCWE-434 9.9 Critical2026-01-05
CVE-2025-31047 WordPress Themify Edmin theme <= 2.0.0 - PHP Object Injection Vulnerability — Themify EdminCWE-502 8.8 High2026-01-05
CVE-2024-43133 WordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability — Themify ShortcodesCWE-79 6.5 Medium2024-08-12
CVE-2023-46146 WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability — Themify UltraCWE-862 8.3 High2024-06-19
CVE-2023-46148 WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability — Themify UltraCWE-862 8.8 High2024-06-19
CVE-2023-46145 WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability — Themify UltraCWE-269 8.8 High2024-05-17
CVE-2024-31366 WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability — Post Type Builder (PTB)CWE-862 7.1 High2024-04-09
CVE-2024-31365 WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Post Type Builder (PTB)CWE-79 7.1 High2024-04-09
CVE-2024-30440 WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability — Themify Event PostCWE-79 5.9 Medium2024-03-29
CVE-2024-24872 WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF) — Themify BuilderCWE-352 4.3 Medium2024-02-21
CVE-2023-46149 WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload — Themify UltraCWE-434 9.9 Critical2023-12-20
CVE-2023-46147 WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object Injection — Themify UltraCWE-502 7.4 High2023-12-20
CVE-2022-32970 WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS) — Themify Portfolio PostCWE-79 4.1 Medium2023-05-10

This page lists every published CVE security advisory associated with Themify. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.