posimyththemes — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting posimyththemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Posimyththemes operates as a commercial provider of WordPress themes and plugins, primarily targeting niche markets such as adult entertainment and dating platforms. This specific focus has historically attracted significant malicious attention, resulting in thirty-four recorded Common Vulnerabilities and Exposures. The most prevalent security flaws involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from inadequate input validation and insufficient sanitization of user-supplied data within theme functions. Additionally, instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate site configurations or execute arbitrary scripts. These vulnerabilities frequently arise from complex, poorly audited codebases designed to handle sensitive media uploads and user interactions. While no single catastrophic data breach has been publicly attributed solely to this vendor, the high volume of CVEs indicates systemic weaknesses in their development lifecycle, posing substantial risks to any website integrating their software without rigorous security patching and monitoring.

Top products by posimyththemes: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce The Plus Addons for Elementor Page Builder Pro WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Nexter Extension – Security, Performance, Code Snippets & Site Toolkit Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder

CVEs 34

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3311	The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2026-04-08
CVE-2026-2385	The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-345	5.3	Medium	2026-02-22
CVE-2026-2386	The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-863	4.3	Medium	2026-02-18
CVE-2026-0726	Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' — Nexter Extension – Security, Performance, Code Snippets & Site ToolkitCWE-502	8.1	High	2026-01-20
CVE-2025-13731	Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Nexter Extension – Security, Performance, Code Snippets & Site ToolkitCWE-79	6.4	Medium	2025-12-02
CVE-2025-9029	WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function — WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget BuilderCWE-862	4.3	Medium	2025-10-04
CVE-2025-8567	Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website BuilderCWE-79	6.4	Medium	2025-08-19
CVE-2025-7646	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2025-08-01
CVE-2024-12189	WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget BuilderCWE-79	6.4	Medium	2025-04-01
CVE-2025-1287	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2025-03-08
CVE-2024-11829	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2025-02-01
CVE-2024-10365	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-200	4.3	Medium	2024-11-20
CVE-2024-8913	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-200	4.3	Medium	2024-10-11
CVE-2024-5583	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-08-22
CVE-2024-5763	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-08-20
CVE-2024-6575	The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-08-20
CVE-2024-4482	The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-07-03
CVE-2024-4983	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0- Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-06-27
CVE-2024-5455	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion — The Plus Addons for Elementor Page Builder ProCWE-98	8.8	High	2024-06-21
CVE-2024-5344	The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget — The Plus Addons for Elementor Page Builder ProCWE-79	6.1	Medium	2024-06-21
CVE-2024-5341	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget — The Plus Addons for Elementor Page Builder ProCWE-79	6.4	Medium	2024-05-30
CVE-2024-4484	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-24
CVE-2024-4485	The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-24
CVE-2024-3718	The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-24
CVE-2024-2784	The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-24
CVE-2024-2785	The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-09
CVE-2024-0445	The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-09
CVE-2024-3197	The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-02
CVE-2024-3199	The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-79	6.4	Medium	2024-05-02
CVE-2024-2203	The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Clients Widget — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-22	6.4	Medium	2024-03-27

This page lists every published CVE security advisory associated with posimyththemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

posimyththemes — Vulnerabilities & Security Advisories 34