Browse all 40 CVE security advisories affecting Villatheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Villatheme operates as a provider of WordPress themes and plugins, primarily targeting niche markets such as gaming, streaming, and multimedia content. Security audits reveal a concerning pattern of forty documented Common Vulnerabilities and Exposures (CVEs), indicating systemic weaknesses in the development lifecycle. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, instances of broken access control and privilege escalation have been recorded, allowing unauthorized users to manipulate administrative functions. These flaws frequently arise from outdated codebases and a lack of rigorous security testing before deployment. The high volume of CVEs suggests that Villatheme products pose significant risks to website integrity, potentially enabling attackers to compromise entire server environments through simple exploitation of these known entry points.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32526 | WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability — Abandoned Cart Recovery for WooCommerceCWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2021-4395 | Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass — Abandoned Cart Recovery for WooCommerceCWE-352 | 4.3 | Medium | 2023-07-01 |
This page lists every published CVE security advisory associated with Villatheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.