Browse all 3 CVE security advisories affecting holithemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Holithemes develops WordPress themes and website templates, primarily for small businesses and portfolio sites. Historically, their products have been vulnerable to multiple security issues including stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls in theme customization options. The company currently has three CVEs on record, with vulnerabilities typically allowing attackers to execute arbitrary code, manipulate website content, or gain elevated access. Security researchers have noted that some Holithemes implementations contained hardcoded credentials and insecure direct object references, though no major public security incidents have been widely reported.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5336 | Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter — Click to Chat – HoliThemes (CWE-79) | 6.4 | Medium | 2025-06-14 |
| CVE-2024-9619 | WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — WP SHAPES (CWE-79) | 6.4 | Medium | 2024-12-20 |
| CVE-2024-3849 | Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion — Click to Chat – HoliThemes (CWE-98) | 8.8 | High | 2024-05-02 |
This page lists every published CVE security advisory associated with holithemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.