Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

aonetheme — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting aonetheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Aonetheme is a WordPress theme provider offering multipurpose templates for websites, with 9 CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security assessments reveal inconsistent sanitization practices in theme options and file handling. While no major public incidents are documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices. The theme's extensive functionality increases attack surface, particularly in areas handling user-generated content. Regular updates address some issues, but the cumulative history indicates persistent security risks requiring vigilant maintenance.

Top products by aonetheme: Service Finder Bookings Service Finder SMS System Service Finder Booking
CVE IDTitleCVSSSeverityPublished
CVE-2025-6574 Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover — Service Finder BookingsCWE-639 8.8 High2025-11-01
CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password — Service Finder BookingsCWE-639 8.8 High2025-11-01
CVE-2025-5948 Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business — Service Finder BookingsCWE-639 9.8 Critical2025-09-19
CVE-2025-5955 Service Finder SMS System <= 2.0.0 - Authentication Bypass — Service Finder SMS SystemCWE-288 8.1 High2025-09-19
CVE-2025-5947 Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie — Service Finder BookingsCWE-639 9.8 Critical2025-08-01
CVE-2025-5954 Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation — Service Finder SMS SystemCWE-269 9.8 Critical2025-08-01
CVE-2025-23970 WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability — Service Finder BookingCWE-266 9.8 Critical2025-07-04
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' — Service Finder BookingsCWE-266 9.8 Critical2025-04-25
CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover — Service Finder BookingsCWE-288 9.8 Critical2025-03-19

This page lists every published CVE security advisory associated with aonetheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.