Browse all 3 CVE security advisories affecting droitthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DroitThemes develops WordPress themes and plugins for website creation, with three CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input sanitization and improper access controls. Security assessments reveal inconsistent validation of user-supplied data, allowing attackers to execute arbitrary code or inject malicious scripts. While no major public incidents are documented, the CVE pattern suggests ongoing challenges in secure coding practices. Users should implement strict input validation and keep installations updated to mitigate risks associated with these themes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-2252 | Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor BuilderCWE-79 | 5.4 | Medium | 2024-03-13 |
| CVE-2024-22136 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) — Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor BuilderCWE-352 | 4.3 | Medium | 2024-01-31 |
| CVE-2023-47531 | WordPress Droit Dark Mode Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) — Droit Dark ModeCWE-352 | 4.3 | Medium | 2023-11-18 |
This page lists every published CVE security advisory associated with droitthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.