Browse all 11 CVE security advisories affecting Xylus Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Xylus Themes develops WordPress themes for website customization, with 11 CVEs recorded primarily involving remote code execution, cross-site scripting, and privilege escalation vulnerabilities. Historically, these themes have contained insufficient input validation and improper access controls, allowing attackers to execute unauthorized code or compromise user accounts. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple releases indicates systemic security weaknesses in development practices. The themes' broad functionality and integration with WordPress core increase their attack surface, making proper updates and hardening essential for users to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58192 | WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability — WP Bulk DeleteCWE-862 | 4.3 | Medium | 2025-08-27 |
| CVE-2024-47352 | WordPress WP Bulk Delete plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability — WP Bulk DeleteCWE-79 | 7.1 | High | 2024-10-06 |
This page lists every published CVE security advisory associated with Xylus Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.