Browse all 3 CVE security advisories affecting bulktheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bulktheme develops WordPress themes and plugins for website building, primarily targeting small to medium businesses. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security researchers have identified multiple vulnerabilities in their themes, including three CVEs, with some allowing complete site compromise. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in their development lifecycle. Their products remain popular despite these concerns, potentially exposing numerous websites to exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-23944 | WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability — WOOEXIMCWE-502 | 8.8 | High | 2025-01-22 |
| CVE-2025-22533 | WordPress WOOEXIM Plugin <= 5.0.0 - SQL Injection vulnerability — WOOEXIMCWE-89 | 7.6 | High | 2025-01-07 |
This page lists every published CVE security advisory associated with bulktheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.