Browse all 6 CVE security advisories affecting madrasthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Madrasthemes develops WordPress themes and plugins for website creation, with six CVEs recorded in their history. Their products have historically been vulnerable to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been documented, their consistent vulnerability pattern suggests a need for improved security practices in development. The recurring nature of these issues indicates potential systemic weaknesses in their code review processes, particularly in sanitizing user inputs and implementing proper authentication mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12328 | MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG — MAS Elementor (CWE-79) | 6.4 | Medium | 2025-01-08 |
| CVE-2024-49233 | WordPress MAS Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability — MAS Elementor (CWE-79) | 6.5 | Medium | 2024-10-18 |
This page lists every published CVE security advisory associated with madrasthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.