themeton — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting themeton. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeton operates as a provider of industrial automation and control system solutions, primarily focusing on SCADA and HMI software for manufacturing and infrastructure sectors. Its software suite has historically been associated with a significant volume of security flaws, currently totaling twenty recorded CVEs. The most prevalent vulnerability classes include remote code execution (RCE) and cross-site scripting (XSS), often stemming from insufficient input validation and improper access controls within its web-based interfaces. Additionally, several incidents involve privilege escalation vulnerabilities that allow unauthenticated users to gain administrative rights. These weaknesses pose critical risks to operational technology environments, potentially enabling attackers to disrupt industrial processes or exfiltrate sensitive data. The concentration of these defects highlights systemic issues in the development lifecycle, necessitating rigorous patch management and network segmentation to mitigate exposure in critical infrastructure deployments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-60237 | WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability — Finag | CWE-502 | 9.8 | Critical | 2026-03-19 |
| CVE-2025-60233 | WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability — Zuut | CWE-502 | 9.8 | Critical | 2026-03-19 |
| CVE-2025-67617 | WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability — Consult Aid | CWE-502 | 9.8 | Critical | 2026-01-22 |
| CVE-2025-31067 | WordPress Seven Stars theme <= 1.4.4 - Cross Site Scripting (XSS) Vulnerability — Seven Stars | CWE-79 | 7.1 | High | 2025-06-27 |
| CVE-2025-31919 | WordPress Spare <= 1.7 - PHP Object Injection Vulnerability — Spare | CWE-502 | 9.8 | Critical | 2025-06-17 |
| CVE-2025-31052 | WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untrusted data Vulnerability — The Fashion - Model Agency One Page Beauty Theme | CWE-502 | 9.8 | Critical | 2025-06-09 |
| CVE-2025-31396 | WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability — FLAP - Business WordPress Theme | CWE-502 | 9.8 | Critical | 2025-06-09 |
| CVE-2025-31398 | WordPress PIMP - Creative MultiPurpose <= 1.7 - Deserialization of untrusted data Vulnerability — PIMP - Creative MultiPurpose | CWE-502 | 9.8 | Critical | 2025-06-09 |
| CVE-2025-31429 | WordPress PressGrid - Frontend Publish Reaction & Multimedia Theme <= 1.3.1 - Deserialization of untrusted data Vulnerability — PressGrid - Frontend Publish Reaction & Multimedia Theme | CWE-502 | 9.8 | Critical | 2025-06-09 |
| CVE-2025-31638 | WordPress Spare <= 1.7 - Cross Site Scripting (XSS) Vulnerability — Spare | CWE-79 | 7.1 | High | 2025-06-09 |
| CVE-2025-31049 | WordPress Dash <= 1.3 - PHP Object Injection Vulnerability — Dash | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-31069 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability — HotStar – Multi-Purpose Business Theme | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-31430 | WordPress The Business <= 1.6.1 - PHP Object Injection Vulnerability — The Business | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-31927 | WordPress Acerola <= 1.6.5 - PHP Object Injection Vulnerability — Acerola | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-31065 | WordPress Rozario <= 1.4 - Broken Access Control Vulnerability — Rozario | CWE-862 | 5.3 | Medium | 2025-05-16 |
| CVE-2025-31066 | WordPress Acerola theme <= 1.6.5 - Broken Access Control Vulnerability — Acerola | CWE-862 | 5.3 | Medium | 2025-05-16 |
| CVE-2025-31068 | WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability — Seven Stars | CWE-352 | 4.3 | Medium | 2025-05-16 |
| CVE-2025-31071 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability — HotStar – Multi-Purpose Business Theme | CWE-862 | 5.3 | Medium | 2025-05-16 |
| CVE-2025-31630 | WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability — The Business | CWE-862 | 5.3 | Medium | 2025-05-16 |
| CVE-2025-31639 | WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability — Spare | CWE-352 | 4.3 | Medium | 2025-05-16 |

This page lists every published CVE security advisory associated with themeton. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.