Browse all 4 CVE security advisories affecting codelessthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Codelessthemes develops WordPress themes focused on simplicity and ease of use for website builders. Historically, their products have been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often stemming from insufficient input sanitization and insecure file handling practices. The company has accumulated four CVE records, with some instances allowing attackers to execute arbitrary code or inject malicious scripts. While no major public security incidents have been widely documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly regarding user input validation and proper permission checks in theme components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-8960 | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Cowidgets – Elementor AddonsCWE-79 | 6.4 | Medium | 2024-11-09 |
| CVE-2024-10779 | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure — Cowidgets – Elementor AddonsCWE-639 | 5.3 | Medium | 2024-11-09 |
| CVE-2024-5179 | Cowidgets – Elementor Addons <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion — Cowidgets – Elementor AddonsCWE-22 | 8.8 | High | 2024-06-06 |
| CVE-2024-4697 | Cowidgets – Elementor Addons <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter — Cowidgets – Elementor AddonsCWE-79 | 6.4 | Medium | 2024-06-04 |
This page lists every published CVE security advisory associated with codelessthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.