themeatelier — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting themeatelier. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeatelier is a WordPress theme provider focused on creating professional website templates for businesses and e-commerce platforms. Historically, the company's products have been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS) vulnerabilities, and privilege escalation issues, with 12 CVEs documented to date. Security researchers have identified consistent patterns in input validation and sanitization failures across their theme portfolio. While no major public security incidents have been widely reported, the cumulative number of disclosed vulnerabilities suggests ongoing challenges in secure coding practices, potentially exposing thousands of websites to compromise if not properly maintained and updated.

Top products by themeatelier: IDonatePro IDonate – Blood Donation, Request And Donor Management System Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Better Chat Support for Messenger Chat Help

CVEs 12

CVE ID	Title	CVSS	Severity	Published
CVE-2025-4521	IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function — IDonate – Blood Donation, Request And Donor Management SystemCWE-285	8.8	High	2026-02-19
CVE-2025-60045	WordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerability — IDonateProCWE-862	7.5	High	2025-12-18
CVE-2025-58938	WordPress IDonatePro plugin <= 2.1.9 - Broken Access Control vulnerability — IDonateProCWE-862	7.5	High	2025-12-18
CVE-2025-66113	WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability — Better Chat Support for MessengerCWE-862	5.3	Medium	2025-11-21
CVE-2025-66099	WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability — Chat HelpCWE-862	5.3	Medium	2025-11-21
CVE-2025-4522	IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function — IDonate – Blood Donation, Request And Donor Management SystemCWE-862	6.5	Medium	2025-11-07
CVE-2025-4519	IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function — IDonate – Blood Donation, Request And Donor Management SystemCWE-285	8.8	High	2025-11-07
CVE-2025-52752	WordPress IDonatePro plugin <= 2.1.9 - Sensitive Data Exposure vulnerability — IDonateProCWE-497	6.5	Medium	2025-10-22
CVE-2025-30635	WordPress IDonatePro <= 2.1.9 - Local File Inclusion Vulnerability — IDonateProCWE-98	8.1	High	2025-08-14
CVE-2025-30639	WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability — IDonateProCWE-862	7.5	High	2025-08-14
CVE-2025-4523	IDonate 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function — IDonate – Blood Donation, Request And Donor Management SystemCWE-200	6.5	Medium	2025-08-01
CVE-2025-5239	Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter — Domain For Sale – Sell Domains with Landing Pages, Offers & InquiriesCWE-79	6.4	Medium	2025-06-06

This page lists every published CVE security advisory associated with themeatelier. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

themeatelier — Vulnerabilities & Security Advisories 12