rextheme — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting rextheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rextheme develops WordPress themes and plugins for website building, with 12 CVEs recorded, primarily involving remote code execution and cross-site scripting vulnerabilities. Historically, its products have had problems with insufficient input validation and improper access controls, leading to privilege escalation risks. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. The themes' extensive functionality and integration with multiple WordPress plugins create complex attack surfaces that require careful configuration and regular updates to mitigate potential exploitation risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62885 | WordPress WP VR plugin <= 8.5.48 - Cross Site Scripting (XSS) vulnerability — WP VR (CWE-79) | 6.5 | Medium | 2025-10-27 |
| CVE-2025-12005 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update — WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress (CWE-285) | 4.3 | Medium | 2025-10-25 |
| CVE-2025-6350 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress (CWE-79) | 6.4 | Medium | 2025-06-28 |
| CVE-2025-47452 | WordPress WP VR plugin <= 8.5.26 - Arbitrary File Upload Vulnerability — WP VR (CWE-434) | 9.9 | Critical | 2025-06-17 |
| CVE-2025-24730 | WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability — WP VR (CWE-79) | 6.5 | Medium | 2025-01-24 |
| CVE-2023-34376 | WordPress Change WooCommerce Add To Cart Button Text plugin <= 1.3 - Broken Access Control vulnerability — Change WooCommerce Add To Cart Button Text (CWE-862) | 5.4 | Medium | 2024-12-13 |
| CVE-2024-49680 | WordPress WP VR plugin <= 8.5.5 - Broken Access Control vulnerability — WP VR (CWE-862) | 4.3 | Medium | 2024-11-19 |
| CVE-2024-49293 | WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability — WP VR (CWE-862) | 4.3 | Medium | 2024-10-21 |
| CVE-2023-52144 | WordPress Product Feed Manager plugin <= 7.3.15 - Directory Traversal vulnerability — Product Feed Manager (CWE-22) | 5.5 | Medium | 2024-04-15 |
| CVE-2023-40663 | WordPress WP VR Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS) — WP VR (CWE-79) | 7.1 | High | 2023-09-27 |
| CVE-2022-47449 | WordPress Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) — Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD (CWE-79) | 7.1 | High | 2023-05-04 |
| CVE-2023-25708 | WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF) — WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CWE-352) | 4.3 | Medium | 2023-03-15 |

This page lists every published CVE security advisory associated with rextheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.