Browse all 5 CVE security advisories affecting XplodedThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
XplodedThemes develops WordPress themes and plugins, primarily for website customization and functionality. Historically, their products have frequently contained vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The company has accumulated five CVEs to date, with security researchers consistently identifying similar patterns of insecure coding practices across their offerings. While no major public security incidents have been widely reported, the recurring nature of these vulnerabilities suggests systemic security weaknesses in their development processes, potentially exposing users to significant risks if proper hardening measures are not implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9178 | XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — XT Floating Cart for WooCommerce (CWE-79) | 6.4 | Medium | 2024-11-05 |
| CVE-2024-9546 | WPIDE <= 3.4.9 - Unauthenticated Full Path Disclosure — WPIDE – File Manager & Code Editor (CWE-200) | 5.3 | Medium | 2024-10-14 |
| CVE-2024-8716 | XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting — XT Ajax Add To Cart for WooCommerce (CWE-79) | 6.1 | Medium | 2024-09-24 |
| CVE-2022-40217 | WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability — WPIDE – File Manager & Code Editor (WordPress plugin) | 6.5 | Medium | 2022-09-21 |
| CVE-2022-35235 | WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability — WPIDE – File Manager & Code Editor (WordPress plugin) | 4.9 | Medium | 2022-08-23 |
This page lists every published CVE security advisory associated with XplodedThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.