Browse all 6 CVE security advisories affecting CatchThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CatchThemes develops WordPress themes and website templates for businesses and individuals. Historically, their products have been vulnerable to multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper permission checks. With six CVEs currently on record, the themes have faced recurring security concerns, particularly in areas like file handling and user authentication. While no major publicized incidents have been documented, the consistent pattern of vulnerabilities suggests a need for more rigorous security testing in their development lifecycle. Users should implement proper hardening measures and maintain regular updates to mitigate potential risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0867 | Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | Essential Widgets | CWE-79 | 6.4 | Medium | 2026-02-05 |
| CVE-2025-10143 | Catch Dark Mode <= 2.0 - Authenticated (Contributor+) Local File Inclusion | Catch Dark Mode | CWE-98 | 7.5 | High | 2025-09-17 |
| CVE-2024-44010 | WordPress Full frame theme <= 2.7.2 - Cross Site Scripting (XSS) vulnerability | Full frame | CWE-79 | 5.1 | Medium | 2024-10-06 |
| CVE-2024-47313 | WordPress Catch Base theme <= 3.4.6 - Cross Site Scripting (XSS) vulnerability | Catch Base | CWE-79 | 5.1 | Medium | 2024-10-06 |
| CVE-2024-47356 | WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability | Create | CWE-79 | 5.1 | Medium | 2024-10-06 |
| CVE-2021-24752 | Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change | Essential Widgets | CWE-284 | 5.7 | - | 2021-10-18 |

This page lists every published CVE security advisory associated with CatchThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.