
themeisle — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting themeisle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeisle operates as a developer of WordPress plugins and themes, primarily offering free and premium tools for site optimization, SEO, and design. Its extensive portfolio has historically been associated with a significant volume of security vulnerabilities, currently totaling 86 recorded CVEs. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and unauthenticated remote code execution (RCE), often stemming from insufficient input validation and weak access controls within plugin code. Notable incidents include critical RCE vulnerabilities in popular plugins like OceanWP and Zakra, which allowed attackers to execute arbitrary commands on compromised servers. The high frequency of these issues highlights systemic challenges in maintaining rigorous security standards across a large, diverse suite of open-source and commercial web components, necessitating frequent updates and strict adherence to secure coding practices to mitigate risks for end-users.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-0311 | Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2025-01-10 |
| CVE-2024-37467 | WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Hestia | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability — Redirection for Contact Form 7 | CWE-862 | 7.5 | High | 2024-12-13 |
| CVE-2024-11219 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-22 | 5.3 | Medium | 2024-11-27 |
| CVE-2024-52420 | WordPress Disable Admin Notices individually plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability — Disable Admin Notices individually | CWE-352 | 4.3 | Medium | 2024-11-19 |
| CVE-2024-51671 | WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability — Otter - Gutenberg Block | CWE-862 | 2.7 | Low | 2024-11-19 |
| CVE-2024-10672 | Multiple Page Generator Plugin – MPG <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion — Multiple Page Generator Plugin – MPG | CWE-73 | 2.7 | Low | 2024-11-12 |
| CVE-2024-10367 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-11-01 |
| CVE-2024-7424 | Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization — Multiple Page Generator Plugin – MPG | CWE-284 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-47325 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability — MPG | CWE-89 | 8.5 | High | 2024-10-20 |
| CVE-2024-7778 | Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-08-22 |
| CVE-2024-2484 | Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-06-22 |
| CVE-2024-3105 | Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 - Authenticated (Contributor+) Remote Code Execution — Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | CWE-94 | 9.9 | Critical | 2024-06-15 |
| CVE-2024-35728 | WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability — PPOM for WooCommerce | CWE-74 | 5.3 | Medium | 2024-06-10 |
| CVE-2024-35682 | WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability — Otter Blocks PRO | CWE-200 | 4.3 | Medium | 2024-06-08 |
| CVE-2024-35736 | WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability — Visualizer | CWE-89 | 8.5 | High | 2024-06-08 |
| CVE-2023-7073 | Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery — Auto Featured Image (Auto Post Thumbnail) | CWE-918 | 6.4 | Medium | 2024-05-31 |
| CVE-2024-4635 | Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload — Menu Icons by ThemeIsle | CWE-79 | 6.4 | Medium | 2024-05-16 |
| CVE-2024-3750 | Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution — Visualizer: Tables and Charts Manager for WordPress | CWE-862 | 8.8 | High | 2024-05-16 |
| CVE-2024-3725 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file — PPOM – Product Addons & Custom Fields for WooCommerce | CWE-434 | 9.8 | Critical | 2024-04-26 |
| CVE-2023-6805 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated (Contributor+) Blind Server-Side Request Forgery (SSRF) — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-918 | 6.4 | Medium | 2024-04-17 |
| CVE-2024-31301 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability — Multiple Page Generator Plugin – MPG | CWE-352 | 5.4 | Medium | 2024-04-12 |
| CVE-2024-3344 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-434 | 6.4 | Medium | 2024-04-11 |
| CVE-2024-3343 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-04-11 |
| CVE-2024-2226 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-20 | 6.4 | Medium | 2024-04-09 |
| CVE-2023-6877 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-79 | 6.4 | Medium | 2024-04-07 |
| CVE-2024-27951 | WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability — Multiple Page Generator Plugin – MPG | CWE-434 | 9.1 | Critical | 2024-04-03 |
| CVE-2024-2841 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-03-29 |
| CVE-2024-30235 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability — Multiple Page Generator Plugin – MPG | CWE-862 | 4.3 | Medium | 2024-03-26 |

This page lists every published CVE security advisory associated with themeisle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.