Browse all 3 CVE security advisories affecting kingthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kingthemes develops WordPress themes and website templates for businesses and individuals. Historically, their products have been vulnerable to multiple security issues, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper access controls in theme files. The company has three CVEs on record, with vulnerabilities affecting multiple theme versions. Security researchers have identified consistent patterns of insecure coding practices, particularly in file handling and data processing functions. While no major public security incidents have been widely reported, the recurring nature of these vulnerabilities suggests ongoing challenges in secure development practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36709 | Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting — Page Builder: KingComposer – Free Drag and Drop page builder by King-ThemeCWE-79 | 5.5 | Medium | 2023-06-07 |
| CVE-2020-36701 | Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload — Page Builder: KingComposer – Free Drag and Drop page builder by King-ThemeCWE-434 | 8.8 | High | 2023-06-07 |
| CVE-2020-36700 | Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control — Page Builder: KingComposer – Free Drag and Drop page builder by King-ThemeCWE-284 | 8.8 | High | 2023-06-07 |
This page lists every published CVE security advisory associated with kingthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.