Browse all 4 CVE security advisories affecting famethemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FameThemes develops WordPress themes and website templates for commercial and personal use. Historically, their products have frequently contained remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and insecure file handling. These issues typically allow attackers to execute arbitrary code, manipulate website content, or potentially escalate privileges. While no major public security incidents have been widely documented, the presence of four CVEs indicates a pattern of security shortcomings that could compromise websites using their themes. Users should implement strict access controls and regular updates to mitigate risks associated with these vulnerabilities.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-22643 | WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability | OnePress | CWE-862 | 4.3 | Medium | 2025-02-04 |
| CVE-2024-37448 | WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability | OnePress | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-38739 | WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability | OnePress | CWE-79 | 5.1 | Medium | 2024-07-20 |
| CVE-2024-33679 | WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability | FameTheme Demo Importer | CWE-352 | 4.3 | Medium | 2024-04-26 |
This page lists every published CVE security advisory associated with famethemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.