Browse all 6 CVE security advisories affecting themepassion. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Themepassion develops WordPress themes focused on creative and business websites, with core use cases involving customizable templates for online portfolios and e-commerce platforms. Historically, their themes have been susceptible to multiple cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper capability checks. The six CVEs recorded highlight recurring problems in file handling and user permission management, with some instances allowing unauthenticated attackers to execute arbitrary code or gain elevated access. Their security posture has been inconsistent, with patches sometimes lagging behind disclosure, leaving affected deployments vulnerable to exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49422 | WordPress Support Ticket Plugin <= 1.9 - Privilege Escalation Vulnerability — Support TicketCWE-266 | 9.8 | Critical | 2025-08-20 |
| CVE-2025-49424 | WordPress Support Ticket Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability — Support TicketCWE-79 | 7.1 | High | 2025-08-20 |
This page lists every published CVE security advisory associated with themepassion. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.