axiomthemes — Vulnerabilities & Security Advisories (85)

Browse all 85 CVE security advisories affecting axiomthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Axiomthemes operates as a digital marketplace primarily distributing WordPress themes and plugins for web developers and business owners. Security audits reveal a concerning pattern of vulnerabilities, with approximately 85 Common Vulnerabilities and Exposures (CVEs) currently documented. The most prevalent issues involve Cross-Site Scripting (XSS) and Remote Code Execution (RCE), often stemming from insufficient input validation and sanitization within plugin code. Additionally, several incidents highlight broken access control mechanisms, allowing unauthorized privilege escalation for lower-level user roles. These flaws frequently enable attackers to inject malicious scripts or execute arbitrary commands on compromised servers. While the company provides standard support channels, the high volume of disclosed CVEs suggests inconsistent security review processes prior to product release. Users are advised to rigorously audit any installed components, as the historical data indicates a significant risk profile associated with their software ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-60048 | WordPress Tripster theme <= 1.0.10 - Local File Inclusion vulnerability | Tripster | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60046 | WordPress HeartStar theme <= 1.0.14 - Local File Inclusion vulnerability | HeartStar | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60047 | WordPress IPharm theme <= 1.2.3 - Local File Inclusion vulnerability | IPharm | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-60049 | WordPress Soleil theme <= 1.17 - Local File Inclusion vulnerability | Soleil | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58950 | WordPress Lione theme <= 1.16 - Local File Inclusion vulnerability | Lione | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58945 | WordPress EcoGrow theme <= 1.7 - Local File Inclusion vulnerability | EcoGrow | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58948 | WordPress Aromatica theme <= 1.8 - Local File Inclusion vulnerability | Aromatica | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58946 | WordPress Vocal theme <= 1.12 - Local File Inclusion vulnerability | Vocal | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58947 | WordPress Athos theme <= 1.9 - Local File Inclusion vulnerability | Athos | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58949 | WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability | Spock | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58944 | WordPress Manufactory theme <= 1.4 - Local File Inclusion vulnerability | Manufactory | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58942 | WordPress Dwell theme <= 1.7.0 - Local File Inclusion vulnerability | Dwell | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58943 | WordPress Agricola theme <= 1.1.0 - Local File Inclusion vulnerability | Agricola | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58941 | WordPress Fabric theme <= 1.5.0 - Local File Inclusion vulnerability | Fabric | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58940 | WordPress Basil theme <= 1.3.12 - Local File Inclusion vulnerability | Basil | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58937 | WordPress Tacticool theme <= 1.0.13 - Local File Inclusion vulnerability | Tacticool | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58933 | WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability | Anubis | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58935 | WordPress Lunna theme <= 1.15 - Local File Inclusion vulnerability | Lunna | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58936 | WordPress Catamaran theme <= 1.15 - Local File Inclusion vulnerability | Catamaran | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58934 | WordPress The Gig theme <= 1.18.0 - Local File Inclusion vulnerability | The Gig | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58930 | WordPress FitFlex theme <= 1.6 - Local File Inclusion vulnerability | FitFlex | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58929 | WordPress Pantry theme <= 1.4 - Local File Inclusion vulnerability | Pantry | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58932 | WordPress Prisma theme <= 1.10 - Local File Inclusion vulnerability | Prisma | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58928 | WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability | Heart | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58931 | WordPress Palatio theme <= 1.6 - Local File Inclusion vulnerability | Palatio | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58926 | WordPress Cerebrum theme <= 1.12 - Local File Inclusion vulnerability | Cerebrum | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58925 | WordPress Neptunus theme <= 1.0.11 - Local File Inclusion vulnerability | Neptunus | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58923 | WordPress Critique theme <= 1.17 - Local File Inclusion vulnerability | Critique | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58927 | WordPress Stallion theme <= 1.17 - Local File Inclusion vulnerability | Stallion | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-58893 | WordPress Alright theme <= 1.6.1 - Local File Inclusion vulnerability | Alright | CWE-98 | 8.1 | High | 2025-12-18 |

This page lists every published CVE security advisory associated with axiomthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.