Browse all 36 CVE security advisories affecting themefic. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Themefic operates as a provider of WordPress themes and plugins, primarily targeting small to medium-sized businesses seeking pre-designed web templates. Security audits reveal a concerning pattern of thirty-six recorded Common Vulnerabilities and Exposures (CVEs), indicating systemic weaknesses in code quality and input validation. Historically, the platform has been susceptible to critical vulnerability classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. These flaws often stem from insufficient sanitization of user inputs and improper handling of file uploads, allowing attackers to execute arbitrary commands or steal session data. Additionally, instances of privilege escalation have been documented, enabling unauthorized users to gain administrative access. While specific major incidents involving widespread data breaches are not prominently detailed in public records, the high volume of CVEs suggests a persistent need for rigorous security patching and code review processes to mitigate ongoing risks for dependent websites.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12788 | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass — Hydra Booking — Appointment Scheduling & Booking Calendar (CWE-602) | 5.3 | Medium | 2025-11-11 |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation — Hydra Booking — Appointment Scheduling & Booking Calendar (CWE-330) | 5.3 | Medium | 2025-11-11 |
This page lists every published CVE security advisory associated with themefic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.