blazethemes — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting blazethemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Blazethemes develops WordPress themes and plugins, primarily serving website owners seeking customizable templates. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, often due to insufficient input sanitization, along with remote code execution (RCE) flaws through insecure file handling and privilege escalation weaknesses from improper access controls. Security researchers have identified multiple instances where insufficient output encoding and direct file inclusion allowed attackers to execute arbitrary code or compromise administrative accounts. While no major public breaches have been widely documented, the consistent pattern of vulnerabilities across their portfolio indicates ongoing security challenges in their development lifecycle, with 16 CVEs reflecting recurring issues in input validation and secure coding practices.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25416 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability — News Kit Elementor Addons (CWE-862) | 4.3 | Medium | 2026-02-19 |
| CVE-2025-68910 | WordPress Blogzee theme <= 1.0.5 - Arbitrary File Upload vulnerability — Blogzee (CWE-434) | 9.9 | Critical | 2026-01-22 |
| CVE-2025-68909 | WordPress Blogistic theme <= 1.0.5 - Arbitrary File Upload vulnerability — Blogistic (CWE-434) | 9.9 | Critical | 2026-01-22 |
| CVE-2025-62056 | WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability — News Event (CWE-434) | 9.9 | Critical | 2026-01-22 |
| CVE-2025-62050 | WordPress Blogmatic theme <= 1.0.3 - Arbitrary File Upload vulnerability — Blogmatic (CWE-434) | 9.9 | Critical | 2026-01-22 |
| CVE-2025-13334 | Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion — Blaze Demo Importer (CWE-862) | 8.1 | High | 2025-12-12 |
| CVE-2025-8446 | Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install — Blaze Demo Importer (CWE-862) | 4.3 | Medium | 2025-09-16 |
| CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability — News Kit Elementor Addons (CWE-862) | 5.4 | Medium | 2025-07-16 |
| CVE-2025-32196 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability — News Kit Elementor Addons (CWE-79) | 6.5 | Medium | 2025-04-04 |
| CVE-2024-37473 | WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability — Trendy News (CWE-352) | 4.3 | Medium | 2025-01-02 |
| CVE-2024-54260 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability — News Kit Elementor Addons (CWE-79) | 6.5 | Medium | 2024-12-09 |
| CVE-2024-10578 | Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation — Pubnews (CWE-434) | 8.8 | High | 2024-12-06 |
| CVE-2024-37468 | WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability — Newsmatic (CWE-862) | 5.3 | Medium | 2024-11-01 |
| CVE-2024-9541 | News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template — News Kit Addons For Elementor (CWE-200) | 4.3 | Medium | 2024-10-22 |
| CVE-2024-37198 | WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability — Digital Newspaper (CWE-352) | 4.3 | Medium | 2024-06-21 |
| CVE-2024-1587 | Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content — Newsmatic (CWE-862) | 5.3 | Medium | 2024-04-09 |

This page lists every published CVE security advisory associated with blazethemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.