themefusecom — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting themefusecom. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themefusecom operates as a digital asset marketplace, primarily facilitating the distribution of WordPress themes and plugins for web design customization. This business model inherently exposes users to supply chain risks, as evidenced by the twenty-five recorded Common Vulnerabilities and Exposures (CVEs). Historical analysis reveals a prevalence of critical vulnerability classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and insecure file handling within the distributed codebases. Privilege escalation flaws have also been documented, allowing unauthorized administrative access. These security deficiencies highlight systemic issues in the review and sanitization processes for third-party extensions. The accumulation of these CVEs suggests a pattern of recurring security lapses rather than isolated incidents, posing significant risks to website integrity and data confidentiality for end-users relying on these assets.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5324 | Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value | Brizy – Page Builder | CWE-79 | 7.2 | High | 2026-05-02 |
| CVE-2026-32408 | WordPress Brizy plugin <= 2.7.23 - Broken Access Control vulnerability | Brizy | CWE-862 | 4.3 | Medium | 2026-03-13 |
| CVE-2025-0969 | Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function | Brizy – Page Builder | CWE-359 | 6.5 | Medium | 2025-12-13 |
| CVE-2025-58594 | WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability | Brizy | CWE-862 | 4.3 | Medium | 2025-09-03 |
| CVE-2025-4370 | Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload | Brizy – Page Builder | CWE-862 | 5.3 | Medium | 2025-07-29 |
| CVE-2025-32198 | WordPress Brizy plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability | Brizy | CWE-79 | 6.5 | Medium | 2025-04-10 |
| CVE-2024-10322 | Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Brizy – Page Builder | CWE-79 | 6.4 | Medium | 2025-02-12 |
| CVE-2024-10960 | Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads | Brizy – Page Builder | CWE-434 | 9.9 | Critical | 2025-02-12 |
| CVE-2024-51645 | WordPress ThemeFuse Maintenance Mode plugin <= 1.1.3 - CSRF to Stored XSS vulnerability | ThemeFuse Maintenance Mode | CWE-352 | 7.1 | High | 2024-11-19 |
| CVE-2024-6254 | Brizy – Page Builder <= 2.5.1 - Cross-Site Request Forgery | Brizy – Page Builder | CWE-20 | 4.3 | Medium | 2024-08-08 |
| CVE-2024-3242 | Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload | Brizy – Page Builder | CWE-434 | 8.8 | High | 2024-07-18 |
| CVE-2024-1937 | Brizy – Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification | Brizy – Page Builder | CWE-862 | 7.1 | High | 2024-07-16 |
| CVE-2024-1164 | Brizy – Page Builder <= 2.4.43 - Authenticated(Contributor+) Stored Cross-Site Scripting via Form Functionality | Brizy – Page Builder | CWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2024-3667 | Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget Link To URL | Brizy – Page Builder | CWE-79 | 7.4 | High | 2024-06-05 |
| CVE-2024-1940 | Brizy – Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting | Brizy – Page Builder | CWE-79 | 7.1 | High | 2024-06-05 |
| CVE-2024-2087 | Brizy – Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form | Brizy – Page Builder | CWE-79 | 7.2 | High | 2024-06-05 |
| CVE-2024-1161 | Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | Brizy – Page Builder | CWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2024-3711 | Brizy – Page Builder <= 2.4.43 - Missing Authorization | Brizy – Page Builder | CWE-862 | 4.3 | Medium | 2024-05-23 |
| CVE-2024-1291 | Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting | Brizy – Page Builder | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1311 | Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Arbitrary File Upload | Brizy – Page Builder | CWE-434 | 8.8 | High | 2024-03-13 |
| CVE-2024-1293 | Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting | Brizy – Page Builder | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1296 | Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting | Brizy – Page Builder | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1165 | Brizy – Page Builder <= 2.4.39 - Authenticated (Contributor+) Directory Traversal | Brizy – Page Builder | CWE-22 | 4.3 | Medium | 2024-02-24 |
| CVE-2020-36714 | Brizy < 1.0.126 - Authorization Bypass to Settings Updates | Brizy – Page Builder | CWE-285 | 7.4 | High | 2023-10-20 |
| CVE-2023-2897 | Brizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism Bypass | Brizy – Page Builder | CWE-348 | 3.7 | Low | 2023-06-09 |

This page lists every published CVE security advisory associated with themefusecom. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.