themehigh — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting themehigh. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themehigh develops WordPress plugins primarily for form building, popup creation, and page enhancement. Historically, their plugins have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper capability checks. Security researchers have consistently identified multiple critical flaws across their products, with 11 CVEs recorded to date. Their plugins' broad permissions and integration with WordPress core functionality have made them attractive targets for exploitation, with some vulnerabilities allowing complete site compromise. Themehigh's security track record reflects common issues in the WordPress plugin ecosystem, highlighting the risks of insufficient security reviews in third-party extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field | Checkout Field Editor (Checkout Manager) for WooCommerce | CWE-79 | 7.2 | High | 2026-03-11 |
| CVE-2025-13974 | Email Customizer for WooCommerce \| Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content | Email Customizer for WooCommerce \| Drag and Drop Email Templates Builder | CWE-79 | 4.4 | Medium | 2026-01-07 |
| CVE-2025-67556 | WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | Advanced FAQ Manager | CWE-79 | 5.9 | Medium | 2025-12-09 |
| CVE-2025-67553 | WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | Advanced FAQ Manager | CWE-79 | 6.5 | Medium | 2025-12-09 |
| CVE-2025-49077 | WordPress Dynamic Pricing and Discount Rules plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability | Dynamic Pricing and Discount Rules | CWE-352 | 4.3 | Medium | 2025-06-06 |
| CVE-2024-8499 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice | Checkout Field Editor (Checkout Manager) for WooCommerce | CWE-79 | 4.7 | Medium | 2024-10-04 |
| CVE-2024-35658 | WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability | Checkout Field Editor for WooCommerce (Pro) | CWE-22 | 8.6 | High | 2024-06-10 |
| CVE-2024-32781 | WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability | Email Customizer for WooCommerce | CWE-200 | 7.5 | High | 2024-04-24 |
| CVE-2024-0705 | Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection | Payment Gateway of Stripe for WooCommerce | CWE-89 | 9.8 | Critical | 2024-01-19 |
| CVE-2023-51545 | WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection | Job Manager & Career – Manage job board listings, and recruitments | CWE-352 | 9.6 | Critical | 2023-12-29 |
| CVE-2023-3162 | Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass | Payment Gateway of Stripe for WooCommerce | CWE-288 | 9.8 | Critical | 2023-08-31 |

This page lists every published CVE security advisory associated with themehigh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.