axiomthemes — Vulnerabilities & Security Advisories 85

Browse all 85 CVE security advisories affecting axiomthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Axiomthemes operates as a digital marketplace primarily distributing WordPress themes and plugins for web developers and business owners. Security audits reveal a concerning pattern of vulnerabilities, with approximately 85 Common Vulnerabilities and Exposures (CVEs) currently documented. The most prevalent issues involve Cross-Site Scripting (XSS) and Remote Code Execution (RCE), often stemming from insufficient input validation and sanitization within plugin code. Additionally, several incidents highlight broken access control mechanisms, allowing unauthorized privilege escalation for lower-level user roles. These flaws frequently enable attackers to inject malicious scripts or execute arbitrary commands on compromised servers. While the company provides standard support channels, the high volume of disclosed CVEs suggests inconsistent security review processes prior to product release. Users are advised to rigorously audit any installed components, as the historical data indicates a significant risk profile associated with their software ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22500 | WordPress m2 \| Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability | m2 \| Construction and Tools Store | CWE-502 | 9.8 | Critical | 2026-03-25 |
| CVE-2026-28129 | WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability | Little Birdies | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28118 | WordPress Welldone theme <= 2.4 - Local File Inclusion vulnerability | Welldone | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28119 | WordPress Nirvana theme <= 2.6 - Local File Inclusion vulnerability | Nirvana | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28117 | WordPress smart SEO theme <= 2.9 - Local File Inclusion vulnerability | smart SEO | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28079 | WordPress Conquerors theme <= 1.2.13 - Local File Inclusion vulnerability | Conquerors | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-28024 | WordPress Helion theme <= 1.1.12 - Local File Inclusion vulnerability | Helion | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27326 | WordPress AC Services \| HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability | AC Services \| HVAC, Air Conditioning & Heating Company WordPress Theme | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27098 | WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability | Au Pair Agency - Babysitting & Nanny Theme | CWE-502 | 8.1 | High | 2026-03-05 |
| CVE-2026-22501 | WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability | Mounthood | CWE-502 | 9.8 | Critical | 2026-03-05 |
| CVE-2026-22475 | WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability | Estate | CWE-502 | 9.8 | Critical | 2026-03-05 |
| CVE-2026-22368 | WordPress Redy theme <= 1.0.2 - Local File Inclusion vulnerability | Redy | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22370 | WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability | Marveland | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22364 | WordPress SevenTrees theme <= 1.0.2 - Local File Inclusion vulnerability | SevenTrees | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22366 | WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability | Jude | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22365 | WordPress Soleng theme <= 1.0.5 - Local File Inclusion vulnerability | Soleng | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22363 | WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability | Rhodos | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22361 | WordPress A-Mart theme <= 1.0.2 - Local File Inclusion vulnerability | A-Mart | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2026-22362 | WordPress Photolia theme <= 1.0.3 - Local File Inclusion vulnerability | Photolia | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2025-69409 | WordPress PJ \| Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability | PJ \| Life & Business Coaching | CWE-98 | 8.1 | High | 2026-02-20 |
| CVE-2025-50003 | WordPress Amuli theme <= 2.3.0 - Local File Inclusion vulnerability | Amuli | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-60067 | WordPress Giardino theme <= 1.1.10 - Local File Inclusion vulnerability | Giardino | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60066 | WordPress Katelyn theme <= 1.0.10 - Local File Inclusion vulnerability | Katelyn | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60065 | WordPress Pinevale theme <= 1.0.14 - Local File Inclusion vulnerability | Pinevale | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60064 | WordPress Renewal theme <= 1.2.2 - Local File Inclusion vulnerability | Renewal | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60063 | WordPress Rosalinda theme <= 1.2.3 - Local File Inclusion vulnerability | Rosalinda | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60061 | WordPress Kicker theme <= 2.2.0 - Local File Inclusion vulnerability | Kicker | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60060 | WordPress Pubzinne theme <= 1.0.12 - Local File Inclusion vulnerability | Pubzinne | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60059 | WordPress smart SEO theme <= 2.12 - Local File Inclusion vulnerability | smart SEO | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60050 | WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability | Panda | CWE-98 | 8.1 | High | 2025-12-18 |

This page lists every published CVE security advisory associated with axiomthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.