cozythemes — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting cozythemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CozyThemes develops WordPress themes and website templates for small businesses and bloggers. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper capability checks. While no major public security incidents have been widely documented, the 12 CVEs on record indicate a pattern of security shortcomings that could allow attackers to compromise websites, steal data, or gain unauthorized administrative access. These vulnerabilities typically arise in theme customization options, contact forms, and theme update mechanisms, posing risks to end users who fail to promptly apply patches.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-49375 | WordPress HomeLancer theme <= 1.0.1 - Broken Access Control vulnerability | HomeLancer | CWE-862 | 5.4 | Medium | 2026-01-22 |
| CVE-2025-59573 | WordPress Cozy Blocks Plugin <= 2.1.29 - Content Injection Vulnerability | Cozy Blocks | CWE-80 | 5.3 | Medium | 2025-09-22 |
| CVE-2025-58606 | WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability | SaasLauncher | CWE-862 | 5.0 | Medium | 2025-09-03 |
| CVE-2025-47485 | WordPress Cozy Blocks plugin <= 2.1.22 - Broken Access Control Vulnerability | Cozy Blocks | CWE-862 | 5.3 | Medium | 2025-05-07 |
| CVE-2025-30838 | WordPress Cozy Blocks plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability | Cozy Blocks | CWE-79 | 6.5 | Medium | 2025-03-27 |
| CVE-2024-43341 | WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability | Hello Agency | CWE-862 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-43979 | WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability | Blockbooster | CWE-862 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-43974 | WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability | ReviveNews | CWE-862 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-43980 | WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability | Fota WP | CWE-862 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-50441 | WordPress Cozy Blocks plugin <= 2.0.15 - Cross Site Scripting (XSS) vulnerability | Cozy Blocks | CWE-79 | 6.5 | Medium | 2024-10-28 |
| CVE-2024-50502 | WordPress Cozy Blocks plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability | Cozy Blocks | CWE-79 | 6.5 | Medium | 2024-10-28 |
| CVE-2024-47355 | WordPress Cozy Blocks plugin <= 2.0.11 - Cross Site Scripting (XSS) vulnerability | Cozy Blocks | CWE-79 | 6.5 | Medium | 2024-10-06 |

This page lists every published CVE security advisory associated with cozythemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.