Browse all 6 CVE security advisories affecting desertthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Desertthemes is a WordPress theme provider focusing on lightweight, customizable templates for blogs and business websites. Historically, their themes have been vulnerable to multiple cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input sanitization and improper file handling. These vulnerabilities typically allow attackers to execute arbitrary code, manipulate website content, or escalate privileges. While no major public incidents have been documented, the six CVEs attributed to desertthemes highlight recurring security lapses in their codebase, particularly in file inclusion and AJAX processing functions. Their themes' popularity among small websites makes them a persistent target for opportunistic attacks seeking to compromise vulnerable installations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58817 | WordPress SoftMe Theme <= 1.1.27 - Broken Access Control Vulnerability — SoftMe (CWE-862) | 4.3 | Medium | 2025-09-05 |
This page lists every published CVE security advisory associated with desertthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.