Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

themerex — Vulnerabilities & Security Advisories 125

Browse all 125 CVE security advisories affecting themerex. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeREX operates as a prominent developer of premium WordPress themes and plugins, primarily targeting enterprise and corporate web solutions. Security audits have identified a significant volume of vulnerabilities within its ecosystem, with over 125 Common Vulnerabilities and Exposures (CVEs) currently on record. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from inadequate input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. The high frequency of these issues suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and third-party library management. While the company provides support channels, the sheer number of disclosed vulnerabilities highlights persistent challenges in maintaining robust security hygiene across its extensive product portfolio, posing substantial risks to organizations relying on its software infrastructure.

Top products by themerex: Puzzles | WP Magazine / Review with Store WordPress Theme + RTL ThemeREX Addons Mandala Happy Baby Mahogany Translogic Bassein Filmax Dermatology Clinic Healer - Doctor, Clinic & Medical WordPress Theme Bonbon Legrand Global Logistics Printy Muzicon Stargaze Eject Foodie Buisson Motorix S.King Nuts Le Truffe Green Thumb Tiger Claw Law Office RexCoin Vapester Legal Stone Aqualots
CVE IDTitleCVSSSeverityPublished
CVE-2026-27084 WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability — BuissonCWE-502 9.8 Critical2026-03-25
CVE-2026-27082 WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability — Love StoryCWE-502 9.8 Critical2026-03-25
CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability — Work & Travel CompanyCWE-502 9.8 Critical2026-03-25
CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability — ProLinguaCWE-98 8.1 High2026-03-25
CVE-2026-22503 WordPress Nelson theme <= 1.2.0 - Local File Inclusion vulnerability — NelsonCWE-98 8.1 High2026-03-25
CVE-2026-22494 WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability — Good HomesCWE-98 8.1 High2026-03-25
CVE-2026-22324 WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability — MelaniaCWE-98 8.1 High2026-03-20
CVE-2026-28128 WordPress Verse theme <= 1.7.0 - Local File Inclusion vulnerability — VerseCWE-98 8.1 High2026-03-05
CVE-2026-28120 WordPress Dr.Patterson theme <= 1.3.2 - Local File Inclusion vulnerability — Dr.PattersonCWE-98 8.1 High2026-03-05
CVE-2026-28107 WordPress Muzicon theme <= 1.9.0 - Local File Inclusion vulnerability — MuziconCWE-98 8.1 High2026-03-05
CVE-2026-28105 WordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability — Good EnergyCWE-502 9.8 Critical2026-03-05
CVE-2026-28096 WordPress WealthCo theme <= 2.18 - Local File Inclusion vulnerability — WealthCoCWE-98 8.1 High2026-03-05
CVE-2026-28097 WordPress Artrium theme <= 1.0.14 - Local File Inclusion vulnerability — ArtriumCWE-98 8.1 High2026-03-05
CVE-2026-28098 WordPress Save Life theme <= 1.2.13 - Local File Inclusion vulnerability — Save LifeCWE-98 8.1 High2026-03-05
CVE-2026-28094 WordPress RexCoin theme <= 1.2.6 - Local File Inclusion vulnerability — RexCoinCWE-98 8.1 High2026-03-05
CVE-2026-28095 WordPress Marcell theme <= 1.2.14 - Local File Inclusion vulnerability — MarcellCWE-98 8.1 High2026-03-05
CVE-2026-28090 WordPress Gamezone theme <= 1.1.11 - Local File Inclusion vulnerability — GamezoneCWE-98 8.1 High2026-03-05
CVE-2026-28092 WordPress Sounder theme <= 1.3.11 - Local File Inclusion vulnerability — SounderCWE-98 8.1 High2026-03-05
CVE-2026-28089 WordPress Daiquiri theme <= 1.2.4 - Local File Inclusion vulnerability — DaiquiriCWE-98 8.1 High2026-03-05
CVE-2026-28093 WordPress Ozisti theme <= 1.1.10 - Local File Inclusion vulnerability — OzistiCWE-98 8.1 High2026-03-05
CVE-2026-28091 WordPress Coleo theme <= 1.1.7 - Local File Inclusion vulnerability — ColeoCWE-98 8.1 High2026-03-05
CVE-2026-28086 WordPress Run Gran theme <= 2.0 - Local File Inclusion vulnerability — Run GranCWE-98 8.1 High2026-03-05
CVE-2026-28084 WordPress Bazinga theme <= 1.1.9 - Local File Inclusion vulnerability — BazingaCWE-98 8.1 High2026-03-05
CVE-2026-28085 WordPress Mahogany theme <= 2.9 - Local File Inclusion vulnerability — MahoganyCWE-98 8.1 High2026-03-05
CVE-2026-28087 WordPress Filmax theme <= 1.1.11 - Local File Inclusion vulnerability — FilmaxCWE-98 8.1 High2026-03-05
CVE-2026-28088 WordPress Aqualots theme <= 1.1.6 - Local File Inclusion vulnerability — AqualotsCWE-98 8.1 High2026-03-05
CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability — WindsorCWE-98 8.1 High2026-03-05
CVE-2026-28077 WordPress Vapester theme <= 1.1.10 - Local File Inclusion vulnerability — VapesterCWE-98 8.1 High2026-03-05
CVE-2026-28074 WordPress Pizza House theme <= 1.4.0 - PHP Object Injection vulnerability — Pizza HouseCWE-502 9.8 Critical2026-03-05
CVE-2026-28068 WordPress Rhythmo theme <= 1.3.4 - Local File Inclusion vulnerability — RhythmoCWE-98 8.1 High2026-03-05

This page lists every published CVE security advisory associated with themerex. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.