Browse all 6 CVE security advisories affecting blossomthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Blossomthemes develops WordPress themes and plugins for website building, with six CVEs recorded. Historically, vulnerabilities include stored cross-site scripting (XSS), arbitrary file uploads leading to remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security assessments reveal inconsistent sanitization practices and inadequate user permission checks. While no major public incidents are documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Users should implement strict input validation and keep installations updated to mitigate risks associated with these themes.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-5647 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library | BlossomThemes Social Feed | CWE-79 | 6.4 | Medium | 2025-07-03 |
| CVE-2024-37412 | WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability | Blossom Shop | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-37243 | WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability | Vandana Lite | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-37102 | WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability | Vilva | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-2107 | Blossom Spa <= 1.3.3 - Sensitive Information Exposure | Blossom Spa | CWE-862 | 5.8 | Medium | 2024-03-12 |
| CVE-2022-37338 | WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | Blossom Recipe Maker (WordPress plugin) | CWE-79 | 4.1 | Medium | 2022-09-23 |
This page lists every published CVE security advisory associated with blossomthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.