Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

designthemes — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting designthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Designthemes operates primarily as a provider of web templates and themes for content management systems, targeting developers and businesses seeking pre-built digital infrastructure. Security audits have identified thirty-eight distinct Common Vulnerabilities and Exposures (CVEs) associated with its products, indicating a pattern of insufficient input validation and access control mechanisms. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from outdated dependencies or hardcoded credentials within the theme files. These flaws typically allow attackers to execute arbitrary commands, steal session data, or bypass administrative restrictions. While no single catastrophic data breach has been publicly attributed solely to designthemes, the high volume of CVEs suggests systemic issues in their code review processes. Users are advised to apply patches immediately and restrict file permissions to mitigate the risk of exploitation.

CVE IDTitleCVSSSeverityPublished
CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability — LMSCWE-79 7.1 High2026-07-02
CVE-2026-27402 WordPress Kids Life | Children School WordPress theme <= 5.2 - Cross Site Scripting (XSS) vulnerability — Kids Life | Children School WordPressCWE-79 7.1 High2026-07-02
CVE-2025-69155 WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability — Fitness Zone WordPress ThemeCWE-79 7.1 High2026-07-02
CVE-2025-69154 WordPress SpaLab | Beauty Salon WordPress Theme theme <= 6.7 - Cross Site Scripting (XSS) vulnerability — SpaLab | Beauty Salon WordPress ThemeCWE-79 7.1 High2026-07-02
CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability — Trendy TravelCWE-79 7.1 High2026-07-02
CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability — LMS Elementor ProCWE-266 9.8 Critical2026-03-05
CVE-2026-27390 WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability — WeDesignTech Ultimate Booking AddonCWE-288 8.8 High2026-03-05
CVE-2026-27388 WordPress DesignThemes Booking Manager plugin <= 2.0 - Broken Access Control vulnerability — DesignThemes Booking ManagerCWE-862 7.5 High2026-03-05
CVE-2026-27385 WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability — DesignThemes PortfolioCWE-79 7.1 High2026-03-05
CVE-2026-27386 WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability — DesignThemes Directory AddonCWE-862 7.5 High2026-03-05
CVE-2026-27389 WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability — WeDesignTech Ultimate Booking AddonCWE-288 9.8 Critical2026-03-05
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability — Dental ClinicCWE-502 8.8 High2026-03-05
CVE-2025-69302 WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability — DesignThemes Core FeaturesCWE-79 7.1 High2026-02-20
CVE-2025-69095 WordPress Reservation Plugin plugin <= 1.7 - Settings Change vulnerability — Reservation PluginCWE-862 6.5 Medium2026-01-22
CVE-2025-69002 WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability — OneLifeCWE-502 8.8 High2026-01-22
CVE-2025-68899 WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability — VivaghCWE-502 8.8 High2026-01-22
CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability — Kids HeavenCWE-502 8.8 High2026-01-22
CVE-2025-68980 WordPress WeDesignTech Portfolio plugin <= 1.0.2 - Broken Access Control vulnerability — WeDesignTech PortfolioCWE-862 5.3 Medium2025-12-30
CVE-2025-68982 WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability — DesignThemes LMS AddonCWE-862 5.3 Medium2025-12-30
CVE-2025-68981 WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability — HomeFix Elementor PortfolioCWE-862 5.3 Medium2025-12-30
CVE-2025-68978 WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability — DesignThemes CoreCWE-79 6.5 Medium2025-12-30
CVE-2025-68977 WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability — DesignThemes Portfolio AddonCWE-79 6.5 Medium2025-12-30
CVE-2025-64221 WordPress Reservation Plugin plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability — Reservation PluginCWE-79 7.1 High2025-12-18
CVE-2025-13542 DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation — DesignThemes LMSCWE-269 9.8 Critical2025-12-02
CVE-2025-60234 WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability — Single PropertyCWE-502 8.8 High2025-10-22
CVE-2025-60228 WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability — Knowledge BaseCWE-502 8.8 High2025-10-22
CVE-2025-60212 WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability — VEDACWE-502 8.8 High2025-10-22
CVE-2025-60215 WordPress Kriya theme <= 3.4 - PHP Object Injection Vulnerability — KriyaCWE-502 8.8 High2025-10-22
CVE-2025-53423 WordPress Triss theme <= 2.6 - Cross Site Scripting (XSS) vulnerability — TrissCWE-79 7.1 High2025-10-22
CVE-2025-31634 WordPress Insurance theme <= 3.5 - PHP Object Injection Vulnerability — InsuranceCWE-502 8.8 High2025-10-22

This page lists every published CVE security advisory associated with designthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.