axiomthemes — Vulnerabilities & Security Advisories (85)

Browse all 85 CVE security advisories affecting axiomthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Axiomthemes operates as a digital marketplace primarily distributing WordPress themes and plugins for web developers and business owners. Security audits reveal a concerning pattern of vulnerabilities, with approximately 85 Common Vulnerabilities and Exposures (CVEs) currently documented. The most prevalent issues involve Cross-Site Scripting (XSS) and Remote Code Execution (RCE), often stemming from insufficient input validation and sanitization within plugin code. Additionally, several incidents highlight broken access control mechanisms, allowing unauthorized privilege escalation for lower-level user roles. These flaws frequently enable attackers to inject malicious scripts or execute arbitrary commands on compromised servers. While the company provides standard support channels, the high volume of disclosed CVEs suggests inconsistent security review processes prior to product release. Users are advised to rigorously audit any installed components, as the historical data indicates a significant risk profile associated with their software ecosystem.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58894 | WordPress Good Mood theme <= 1.16 - Local File Inclusion vulnerability — Good Mood (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-58889 | WordPress Towny theme <= 1.16 - Local File Inclusion vulnerability — Towny (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-58803 | WordPress Algenix theme <= 1.0 - Local File Inclusion vulnerability — Algenix (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-58708 | WordPress 777 theme <= 1.3 - Local File Inclusion vulnerability — 777 (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-58225 | WordPress Paragon theme <= 1.1 - Local File Inclusion vulnerability — Paragon (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-58709 | WordPress Legacy theme <= 1.9 - Local File Inclusion vulnerability — Legacy (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-58706 | WordPress Woo Hoo theme <= 1.25 - Local File Inclusion vulnerability — Woo Hoo (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53447 | WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability — Assembly (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53448 | WordPress Rally theme <= 1.1 - Local File Inclusion vulnerability — Rally (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53453 | WordPress Hygia theme <= 1.16 - Local File Inclusion vulnerability — Hygia (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53449 | WordPress Convex theme <= 1.11 - Local File Inclusion vulnerability — Convex (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53443 | WordPress Smash theme <= 1.7 - Local File Inclusion vulnerability — Smash (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53446 | WordPress Beautique theme <= 1.5 - Local File Inclusion vulnerability — Beautique (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53445 | WordPress Catwalk theme <= 1.4 - Local File Inclusion vulnerability — Catwalk (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53442 | WordPress Rentic theme <= 1.1 - Local File Inclusion vulnerability — Rentic (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53441 | WordPress Greeny theme <= 2.6 - Local File Inclusion vulnerability — Greeny (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53438 | WordPress FitLine theme <= 1.6 - Local File Inclusion vulnerability — FitLine (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53439 | WordPress Harper theme <= 1.13 - Local File Inclusion vulnerability — Harper (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-53435 | WordPress Plan My Day theme <= 1.1.13 - Local File Inclusion vulnerability — Plan My Day (CWE-98) | 8.1 | High | 2025-12-18 |
| CVE-2025-28953 | WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability — smart SEO (CWE-89) | 8.5 | High | 2025-11-06 |
| CVE-2025-60226 | WordPress White Rabbit theme <= 1.5.2 - PHP Object Injection vulnerability — White Rabbit (CWE-502) | 9.8 | Critical | 2025-10-22 |
| CVE-2025-49401 | WordPress smart SEO Plugin <= 4.0 - Privilege Escalation Vulnerability — smart SEO (CWE-266) | 9.8 | Critical | 2025-09-05 |
| CVE-2025-49434 | WordPress Cars4Rent Theme <= 1.4.2 - PHP Object Injection Vulnerability — Cars4Rent (CWE-502) | 9.8 | Critical | 2025-08-20 |
| CVE-2025-26592 | WordPress Lab Theme <= 1.0.0 - Local File Inclusion Vulnerability — Lab (CWE-98) | 8.1 | High | 2025-06-09 |
| CVE-2025-49073 | WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability — Sweet Dessert (CWE-502) | 9.8 | Critical | 2025-06-06 |

This page lists every published CVE security advisory associated with axiomthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.