sparklewpthemes — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting sparklewpthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sparklewpthemes develops WordPress themes and website templates, primarily serving small businesses and personal websites. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The company has accumulated 12 CVEs to date, with many stemming from insufficient input validation and improper access controls. Notable incidents include multiple RCE vulnerabilities in their theme options panel and persistent XSS flaws in theme customizer components. Security researchers have consistently identified similar patterns across their theme portfolio, suggesting systemic security gaps in their development practices.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25394 | WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability | Fitness FSE | CWE-862 | 4.3 | Medium | 2026-02-19 |
| CVE-2026-25393 | WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability | Hello FSE | CWE-862 | 4.3 | Medium | 2026-02-19 |
| CVE-2025-62960 | WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability | Construction Light | CWE-862 | 5.4 | Medium | 2025-12-18 |
| CVE-2025-62961 | WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability | Sparkle FSE | CWE-862 | 5.4 | Medium | 2025-12-18 |
| CVE-2025-7058 | Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter | Kingcabs | CWE-79 | 6.4 | Medium | 2025-12-13 |
| CVE-2025-54680 | WordPress Blogger Buzz Theme theme <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability | Blogger Buzz | CWE-79 | 6.5 | Medium | 2025-08-14 |
| CVE-2025-5587 | Appzend <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter | Appzend | CWE-79 | 6.4 | Medium | 2025-07-29 |
| CVE-2025-5529 | Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | Educenter | CWE-79 | 6.4 | Medium | 2025-07-26 |
| CVE-2025-49970 | WordPress Hello FSE Blog theme <= 1.0.6 - Broken Access Control Vulnerability | Hello FSE Blog | CWE-862 | 4.3 | Medium | 2025-06-20 |
| CVE-2025-50030 | WordPress Spark Multipurpose theme <= 1.0.7 - Cross Site Scripting (XSS) Vulnerability | Spark Multipurpose | CWE-79 | 6.5 | Medium | 2025-06-20 |
| CVE-2025-50033 | WordPress Fitness Park theme <= 1.1.1 - Cross Site Scripting (XSS) Vulnerability | Fitness Park | CWE-79 | 6.5 | Medium | 2025-06-20 |
| CVE-2024-6120 | Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import | Sparkle Demo Importer | CWE-862 | 6.5 | Medium | 2024-06-21 |

This page lists every published CVE security advisory associated with sparklewpthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.