Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

bearsthemes — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting bearsthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bearsthemes develops WordPress themes and plugins for website creation, with six CVEs recorded to date. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security researchers have identified multiple instances where unauthenticated attackers could execute arbitrary code or steal sensitive data due to these vulnerabilities. While no major public security incidents have been widely reported, the consistent pattern of similar vulnerabilities across their products suggests ongoing challenges in secure coding practices. Users are advised to maintain updated versions and implement additional security measures when using Bearsthemes' offerings.

Top products by bearsthemes: Alone – Charity Multipurpose Non-profit WordPress Theme Goza - Nonprofit Charity WordPress Theme Bears Backup Worry Proof Backup
CVE IDTitleCVSSSeverityPublished
CVE-2026-1311 Worry Proof Backup <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload — Worry Proof BackupCWE-22 8.8 High2026-02-26
CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation — Goza - Nonprofit Charity WordPress ThemeCWE-862 9.8 Critical2025-09-19
CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion — Goza - Nonprofit Charity WordPress ThemeCWE-73 9.1 Critical2025-09-09
CVE-2025-5396 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution — Bears BackupCWE-94 9.8 Critical2025-07-17
CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation — Alone – Charity Multipurpose Non-profit WordPress ThemeCWE-862 9.8 Critical2025-07-15
CVE-2025-5393 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary File Deletion — Alone – Charity Multipurpose Non-profit WordPress ThemeCWE-73 9.1 Critical2025-07-15

This page lists every published CVE security advisory associated with bearsthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.