
otwthemes — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting otwthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OTWthemes develops WordPress themes and templates for website creation. Historically, their products have frequently contained remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and insecure direct object references. The themes' widespread adoption has amplified the impact of these flaws, with 17 CVEs documented to date. Security researchers have consistently highlighted poor coding practices and lack of regular updates as contributing factors. While no major public breaches have been directly attributed to OTWthemes, the volume of reported vulnerabilities suggests significant security risks for organizations using their products without proper hardening or timely patching.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69007 | WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability — Popping Sidebars and Widgets Light (CWE-79) | 5.9 | Medium | 2025-12-30 |
| CVE-2025-58853 | WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability — Popping Sidebars and Widgets Light (CWE-352) | 7.1 | High | 2025-09-05 |
| CVE-2025-58805 | WordPress Widgetize Pages Light Plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability — Widgetize Pages Light (CWE-79) | 5.9 | Medium | 2025-09-05 |
| CVE-2025-24771 | WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability — Content Manager Light (CWE-79) | 7.1 | High | 2025-07-04 |
| CVE-2025-30942 | WordPress Post Custom Templates Lite plugin <= 1.14 - Cross Site Scripting (XSS) Vulnerability — Post Custom Templates Lite (CWE-79) | 5.9 | Medium | 2025-06-06 |
| CVE-2025-30995 | WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Widgetize Pages Light (CWE-352) | 7.1 | High | 2025-06-06 |
| CVE-2025-47647 | WordPress Sidebar Manager Light plugin <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability — Sidebar Manager Light (CWE-352) | 4.3 | Medium | 2025-05-07 |
| CVE-2025-32115 | WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability — Popping Content Light (CWE-79) | 7.1 | High | 2025-04-10 |
| CVE-2025-32117 | WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability — Widgetize Pages Light (CWE-79) | 7.1 | High | 2025-04-08 |
| CVE-2025-32112 | WordPress Sidebar Manager Light plugin <= 1.18 - CSRF to Stored XSS vulnerability — Sidebar Manager Light (CWE-352) | 7.1 | High | 2025-04-04 |
| CVE-2025-31768 | WordPress Widget Manager Light plugin <= 1.18 - Broken Access Control vulnerability — Widget Manager Light (CWE-862) | 6.5 | Medium | 2025-04-03 |
| CVE-2025-31770 | WordPress Content Manager Light plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability — Content Manager Light (CWE-79) | 6.5 | Medium | 2025-04-01 |
| CVE-2025-31767 | WordPress Post Custom Templates Lite plugin <= 1.14 - Stored Cross Site Scripting (XSS) vulnerability — Post Custom Templates Lite (CWE-79) | 6.5 | Medium | 2025-04-01 |
| CVE-2025-30541 | WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability — Info Boxes Shortcode and Widget (CWE-352) | 4.3 | Medium | 2025-03-24 |
| CVE-2025-22313 | WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability — Widgetize Pages Light (CWE-79) | 7.1 | High | 2025-01-09 |
| CVE-2024-12207 | Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting — Toggles Shortcode and Widget (CWE-79) | 4.4 | Medium | 2025-01-07 |
| CVE-2023-45102 | WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) — Blog Manager Light (CWE-352) | 5.4 | Medium | 2023-10-12 |

This page lists every published CVE security advisory associated with otwthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.