themelocation — Vulnerabilities & Security Advisories (8)

Browse all 8 CVE security advisories affecting themelocation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themelocation develops WordPress themes and website templates for businesses and individuals. Historically, their products have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and insecure file handling. Privilege escalation vulnerabilities have also been common in their admin interfaces. With 8 CVEs on record, their security track record shows recurring issues in sanitization and access control. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Their themes' widespread use increases potential impact when vulnerabilities are discovered.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13900 | WP Popup Magic <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute | WP Popup Magic | CWE-79 | 6.4 | Medium | 2026-01-09 |
| CVE-2025-58799 | WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | Custom WooCommerce Checkout Fields Editor | CWE-352 | 4.3 | Medium | 2025-09-05 |
| CVE-2025-52783 | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | Change Cart button Colors WooCommerce | CWE-352 | 7.1 | High | 2025-06-20 |
| CVE-2024-43271 | WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.0 - Local File Inclusion vulnerability | Woo Products Widgets For Elementor | CWE-22 | 8.5 | High | 2024-08-19 |
| CVE-2024-33956 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability | Custom WooCommerce Checkout Fields Editor | CWE-862 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-30518 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability | Custom WooCommerce Checkout Fields Editor | CWE-352 | 4.3 | Medium | 2024-03-29 |
| CVE-2024-1697 | Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | Custom WooCommerce Checkout Fields Editor | CWE-79 | 6.4 | Medium | 2024-03-23 |
| CVE-2023-46629 | WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | Remove Add to Cart WooCommerce | CWE-352 | 4.3 | Medium | 2023-11-13 |

This page lists every published CVE security advisory associated with themelocation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.