Browse all 4 CVE security advisories affecting fox-themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Fox-themes develops WordPress themes for websites, focusing on customizable templates for businesses and bloggers. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities and remote code execution (RCE) flaws, often due to insufficient input validation and insecure file handling. Privilege escalation vulnerabilities have also been documented in several themes. Security researchers have identified multiple instances of hardcoded credentials and insecure direct object reference (IDOR) issues across their product line. The four CVEs associated with this vendor primarily reflect these recurring security weaknesses, with no major public breaches reported to date.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27359 | WordPress Awa Plugins plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability — Awa Plugins (CWE-79) | 7.1 | High | 2026-03-05 |
| CVE-2026-24955 | WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability — Whizz Plugins (CWE-79) | 7.1 | High | 2026-02-20 |
| CVE-2026-24948 | WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Reflector (CWE-79) | 7.1 | High | 2026-02-20 |
| CVE-2025-67972 | WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability — Prague (CWE-79) | 7.1 | High | 2026-02-20 |
This page lists every published CVE security advisory associated with fox-themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.