Villatheme — Vulnerabilities & Security Advisories (40)

Browse all 40 CVE security advisories affecting Villatheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Villatheme operates as a provider of WordPress themes and plugins, primarily targeting niche markets such as gaming, streaming, and multimedia content. Security audits reveal a concerning pattern of forty documented Common Vulnerabilities and Exposures (CVEs), indicating systemic weaknesses in the development lifecycle. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, instances of broken access control and privilege escalation have been recorded, allowing unauthorized users to manipulate administrative functions. These flaws frequently arise from outdated codebases and a lack of rigorous security testing before deployment. The high volume of CVEs suggests that Villatheme products pose significant risks to website integrity, potentially enabling attackers to compromise entire server environments through simple exploitation of these known entry points.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-48778 | WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) — Product Size Chart For WooCommerce, CWE-352 | 5.4 | Medium | 2023-12-18 |
| CVE-2023-30482 | WordPress WPBulky Plugin < 1.0.10 is vulnerable to Cross Site Scripting (XSS) — WPBulky, CWE-79 | 6.5 | Medium | 2023-08-08 |
| CVE-2021-4395 | Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass — Abandoned Cart Recovery for WooCommerce, CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4379 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization — CURCY - WooCommerce Multi Currency - Currency Switcher, CWE-862 | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4376 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization — CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x, CWE-862 | 4.3 | Medium | 2023-06-07 |
| CVE-2022-46810 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) — Thank You Page Customizer for WooCommerce – Increase Your Sales, CWE-352 | 4.3 | Medium | 2023-05-25 |
| CVE-2022-46812 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) — Thank You Page Customizer for WooCommerce – Increase Your Sales, CWE-352 | 4.3 | Medium | 2023-05-25 |
| CVE-2022-46806 | WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF) — Cart All In One For WooCommerce, CWE-352 | 5.4 | Medium | 2023-03-01 |
| CVE-2022-44634 | WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability — S2W – Import Shopify to WooCommerce (WordPress plugin) | 4.9 | Medium | 2022-11-18 |
| CVE-2022-41623 | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability — ALD - AliExpress Dropshipping and Fulfillment for WooCommerce (WordPress plugin), CWE-202 | 7.5 | High | 2022-10-14 |

This page lists every published CVE security advisory associated with Villatheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.