themerex — Vulnerabilities & Security Advisories (125)

Browse all 125 CVE security advisories affecting themerex. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeREX operates as a prominent developer of premium WordPress themes and plugins, primarily targeting enterprise and corporate web solutions. Security audits have identified a significant volume of vulnerabilities within its ecosystem, with over 125 Common Vulnerabilities and Exposures (CVEs) currently on record. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from inadequate input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. The high frequency of these issues suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and third-party library management. While the company provides support channels, the sheer number of disclosed vulnerabilities highlights persistent challenges in maintaining robust security hygiene across its extensive product portfolio, posing substantial risks to organizations relying on its software infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28066 | WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability — Legrand (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28068 | WordPress Rhythmo theme <= 1.3.4 - Local File Inclusion vulnerability — Rhythmo (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28065 | WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability — Eject (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28069 | WordPress Le Truffe theme <= 1.1.7 - Local File Inclusion vulnerability — Le Truffe (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28062 | WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability — Happy Baby (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28060 | WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability — S.King (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28061 | WordPress Tiger Claw theme <= 1.1.14 - Local File Inclusion vulnerability — Tiger Claw (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28063 | WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability — Asia Garden (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28064 | WordPress Edge Decor theme <= 2.2 - Local File Inclusion vulnerability — Edge Decor (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28055 | WordPress M.Williamson theme <= 1.2.11 - Local File Inclusion vulnerability — M.Williamson (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28057 | WordPress Mandala theme <= 2.8 - Local File Inclusion vulnerability — Mandala (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28059 | WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability — Dermatology Clinic (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28056 | WordPress MCKinney's Politics theme <= 1.2.8 - Local File Inclusion vulnerability — MCKinney's Politics (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28058 | WordPress Dixon theme <= 1.4.2.1 - Local File Inclusion vulnerability — Dixon (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28054 | WordPress Legal Stone theme <= 1.2.11 - Local File Inclusion vulnerability — Legal Stone (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28052 | WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability — Peter Mason (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28053 | WordPress Miller theme <= 1.3.3 - Local File Inclusion vulnerability — Miller (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28051 | WordPress Yacht Rental theme <= 2.6 - Local File Inclusion vulnerability — Yacht Rental (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28050 | WordPress Beacon theme <= 2.24 - Local File Inclusion vulnerability — Beacon (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28046 | WordPress Law Office theme <= 3.3.0 - Local File Inclusion vulnerability — Law Office (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28049 | WordPress Police Department theme <= 2.17 - Local File Inclusion vulnerability — Police Department (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28045 | WordPress N7 \| Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability — N7 \| Golf Club Sports & Events (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28043 | WordPress Healer - Doctor, Clinic & Medical WordPress Theme theme <= 1.0.0 - Local File Inclusion vulnerability — Healer - Doctor, Clinic & Medical WordPress Theme (CWE-98) | 9.8 | Critical | 2026-03-05 |
| CVE-2026-28033 | WordPress Edifice theme <= 1.8 - Local File Inclusion vulnerability — Edifice (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28034 | WordPress Progress theme <= 1.2 - Local File Inclusion vulnerability — Progress (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28035 | WordPress Printy theme <= 1.8 - Local File Inclusion vulnerability — Printy (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28030 | WordPress Bonbon theme <= 1.6 - Local File Inclusion vulnerability — Bonbon (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28031 | WordPress Invetex theme <= 2.18 - Local File Inclusion vulnerability — Invetex (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28032 | WordPress Tuning theme <= 1.3 - Local File Inclusion vulnerability — Tuning (CWE-98) | 8.1 | High | 2026-03-05 |
| CVE-2026-28027 | WordPress Kayon theme <= 1.3 - Local File Inclusion vulnerability — Kayon (CWE-98) | 8.1 | High | 2026-03-05 |

This page lists every published CVE security advisory associated with themerex. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.