Xylus Themes — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting Xylus Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xylus Themes develops WordPress themes for website customization, with 11 CVEs recorded primarily involving remote code execution, cross-site scripting, and privilege escalation vulnerabilities. Historically, these themes have contained insufficient input validation and improper access controls, allowing attackers to execute unauthorized code or compromise user accounts. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple releases indicates systemic security weaknesses in development practices. The themes' broad functionality and integration with WordPress core increase their attack surface, making proper updates and hardening essential for users to mitigate risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-58192 | WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability | WP Bulk Delete | CWE-862 | 4.3 | Medium | 2025-08-27 |
| CVE-2025-47453 | WordPress WP Smart Import plugin <= 1.1.3 - Local File Inclusion Vulnerability | WP Smart Import | CWE-98 | 8.1 | High | 2025-05-23 |
| CVE-2025-48256 | WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability | Import Social Events | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-47531 | WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability | XT Event Widget for Social Events | CWE-98 | 7.5 | High | 2025-05-07 |
| CVE-2025-24700 | WordPress WP Event Aggregator Plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability | WP Event Aggregator | CWE-79 | 7.1 | High | 2025-02-14 |
| CVE-2024-47352 | WordPress WP Bulk Delete plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability | WP Bulk Delete | CWE-79 | 7.1 | High | 2024-10-06 |
| CVE-2024-38703 | WordPress WP Event Aggregator plugin <= 1.7.9 - Cross Site Scripting (XSS) vulnerability | WP Event Aggregator | CWE-79 | 6.5 | Medium | 2024-07-20 |
| CVE-2024-32597 | WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability | WordPress Importer | CWE-79 | 5.9 | Medium | 2024-04-18 |
| CVE-2024-31371 | WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability | WP Event Aggregator | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-30201 | WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | WordPress Importer | CWE-79 | 7.1 | High | 2024-03-27 |
| CVE-2022-40209 | WP Smart Import plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | WP Smart Import | CWE-79 | 6.1 | Medium | 2022-12-06 |

This page lists every published CVE security advisory associated with Xylus Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.