Browse all 3 CVE security advisories affecting StudioPress. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
StudioPress develops WordPress themes and frameworks, primarily for building professional websites. Historically, their products have faced vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation issues, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the three CVEs on record highlight persistent security challenges in their theme architecture. Their Genesis framework, in particular, has had multiple flaws related to file permissions and unsanitized parameters, allowing potential attackers to manipulate site functionality or extract sensitive data. Security researchers have noted that some vulnerabilities remained unpatched for extended periods before official updates were released.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10737 | Open Source Genesis Framework <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes (product: Open Source Genesis Framework; CWE-79) | 6.4 | Medium | 2025-10-25 |

This page lists every published CVE security advisory associated with StudioPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.