Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

imithemes — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting imithemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Imithemes develops WordPress themes and plugins for website creation, with 14 CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security characteristics include inconsistent patching timelines across products, with some critical vulnerabilities remaining unaddressed for extended periods. No major public security incidents have been documented, though the pattern of recurring XSS and RCE issues suggests ongoing challenges in secure coding practices. The company's portfolio maintains a moderate risk profile due to these recurring but typically non-critical vulnerabilities.

Top products by imithemes: Eventer - WordPress Event & Booking Manager Plugin Eventer Real Spaces - WordPress Properties Directory Theme IMITHEMES Listing Gaea
CVE IDTitleCVSSSeverityPublished
CVE-2026-32518 WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability — GaeaCWE-79 7.1 High2026-03-25
CVE-2025-6758 Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' — Real Spaces - WordPress Properties Directory ThemeCWE-269 9.8 Critical2025-08-19
CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' — Real Spaces - WordPress Properties Directory ThemeCWE-269 8.8 High2025-08-19
CVE-2025-39483 WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability — EventerCWE-94 6.5 Medium2025-08-14
CVE-2025-39481 WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability — EventerCWE-89 9.3 Critical2025-05-16
CVE-2025-39482 WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability — EventerCWE-862 4.3 Medium2025-05-16
CVE-2025-2253 IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset — IMITHEMES ListingCWE-620 9.8 Critical2025-05-09
CVE-2025-0959 Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id — Eventer - WordPress Event & Booking Manager PluginCWE-564 8.8 High2025-03-07
CVE-2025-22635 WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability — EventerCWE-79 7.1 High2025-02-23
CVE-2024-11134 Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export — Eventer - WordPress Event & Booking Manager PluginCWE-862 4.3 Medium2025-02-03
CVE-2024-11132 Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Eventer - WordPress Event & Booking Manager PluginCWE-79 6.4 Medium2025-02-03
CVE-2024-11133 Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download — Eventer - WordPress Event & Booking Manager PluginCWE-862 5.3 Medium2025-02-03
CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees — Eventer - WordPress Event & Booking Manager PluginCWE-89 7.5 High2025-01-28
CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read — Eventer - WordPress Event & Booking Manager PluginCWE-22 6.5 Medium2025-01-17

This page lists every published CVE security advisory associated with imithemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.