Browse all 12 CVE security advisories affecting cozythemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CozyThemes develops WordPress themes and website templates for small businesses and bloggers. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper capability checks. While no major public security incidents have been widely documented, the 12 CVEs on record indicate a pattern of security shortcomings that could allow attackers to compromise websites, steal data, or gain unauthorized administrative access. These vulnerabilities typically arise in theme customization options, contact forms, and theme update mechanisms, posing risks to end users who fail to promptly apply patches.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58606 | WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability — SaasLauncherCWE-862 | 5.0 | Medium | 2025-09-03 |
This page lists every published CVE security advisory associated with cozythemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.