Browse all 5 CVE security advisories affecting javothemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Javothemes develops WordPress themes and plugins for website customization, with five CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS) due to insufficient input sanitization, remote code execution (RCE) via unsafe file uploads, and privilege escalation through improper access controls. Security assessments often reveal inadequate output encoding and lack of capability checks. While no major public incidents are documented, the pattern of vulnerabilities suggests consistent issues with secure coding practices, particularly in handling user-supplied data and file operations. Their products require careful configuration and regular updates to mitigate risks associated with these recurring security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-60068 | WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability | Javo Core | CWE-94 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-58877 | WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Content Deletion vulnerability | Javo Core | CWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-60111 | WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability | Javo Core | CWE-352 | 8.8 | High | 2025-09-26 |
| CVE-2025-58003 | WordPress Javo Core Plugin <= 3.0.0.266 - Broken Access Control Vulnerability | Javo Core | CWE-862 | 5.3 | Medium | 2025-09-22 |
| CVE-2025-0177 | Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup | Javo Core | CWE-269 | 9.8 | Critical | 2025-03-08 |

This page lists every published CVE security advisory associated with javothemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.