Browse all 4 CVE security advisories affecting themeinwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Themeinwp develops WordPress themes primarily for commercial and personal websites. Historically, their themes have been associated with multiple remote code execution vulnerabilities, cross-site scripting issues, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The 4 CVEs recorded highlight recurring security concerns, including insecure object injection and authentication bypass weaknesses. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in theme development and regular updates for users to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10051 | Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload — Demo Import KitCWE-434 | 7.2 | High | 2025-10-15 |
| CVE-2024-8790 | Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting — Social Share With Floating BarCWE-79 | 6.1 | Medium | 2024-10-18 |
| CVE-2024-2109 | Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display — Booster ExtensionCWE-862 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-31938 | WordPress NewsXpress theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability — NewsXpressCWE-352 | 4.3 | Medium | 2024-04-15 |
This page lists every published CVE security advisory associated with themeinwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.