Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

themesgrove — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting themesgrove. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themesgrove develops WordPress themes and website templates for businesses and content creators. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Six CVEs have been recorded, with vulnerabilities including stored XSS in theme options and RCE through file upload mechanisms. Security researchers have noted inconsistent sanitization practices across their theme portfolio. While no major public breaches have been attributed to Themesgrove, their recurring vulnerability patterns highlight ongoing challenges in secure coding practices within the WordPress theme ecosystem.

Top products by themesgrove: WidgetKit Onepage Builder Download Manager and Payment Form WordPress Plugin – WP SmartPay WidgetKit Pro
CVE IDTitleCVSSSeverityPublished
CVE-2025-46494 WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability — WidgetKit ProCWE-79 7.1 High2026-01-07
CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure — Download Manager and Payment Form WordPress Plugin – WP SmartPayCWE-200 4.3 Medium2025-05-07
CVE-2024-37428 WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability — WidgetKitCWE-79 6.5 Medium2024-07-22
CVE-2024-34548 WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability — WidgetKitCWE-79 6.5 Medium2024-05-08
CVE-2024-33908 WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability — WidgetKitCWE-862 5.3 Medium2024-05-06
CVE-2023-38391 WordPress Onepage Builder – Easiest Landing Page Builder For WordPress Plugin <= 2.4.1 is vulnerable to SQL Injection — Onepage BuilderCWE-89 6.7 Medium2023-11-03

This page lists every published CVE security advisory associated with themesgrove. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.