Themebon develops WordPress themes and website templates primarily for small businesses and personal blogs. Historically, their products have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper sanitization. Themebon has accumulated five CVEs to date, with several critical vulnerabilities allowing attackers to execute arbitrary code or steal sensitive data. Their security posture has been inconsistent, with some vulnerabilities remaining unpatched for extended periods. The company has faced scrutiny for slow response times to reported issues, though no major public security incidents have been documented.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-22585 | WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability — Ultimate Image Hover Effects (CWE-79) | 6.5 | Medium | 2025-01-07 |

This page lists every published CVE security advisory associated with themebon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.