Browse all 4 CVE security advisories affecting nsthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
NsThemes develops WordPress themes and plugins for website customization, with a core use case of enhancing site functionality and design. Historically, the project has been associated with multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The four recorded CVEs highlight recurring security weaknesses in their codebase, particularly in file handling and user permission management. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure development practices, potentially exposing users to significant risks if timely updates are not applied.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14845 | NS IE Compatibility Fixer <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update — NS Ie Compatibility FixerCWE-352 | 4.3 | Medium | 2026-01-07 |
| CVE-2025-23459 | WordPress NS Simple Intro Loader plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — NS Simple Intro LoaderCWE-79 | 7.1 | High | 2025-03-26 |
| CVE-2023-27422 | WordPress NS Coupon to Become Customer Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) — NS Coupon To Become CustomerCWE-79 | 5.9 | Medium | 2023-08-08 |
| CVE-2023-24381 | WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) — Advanced Social PixelCWE-79 | 5.9 | Medium | 2023-03-20 |
This page lists every published CVE security advisory associated with nsthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.