Browse all 4 CVE security advisories affecting themewinter. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Themewinter develops WordPress themes and website templates primarily for small businesses and portfolio sites. Historically, their products have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input sanitization. Four CVEs have been recorded, including critical RCE vulnerabilities in theme options and file upload mechanisms. Security researchers have noted consistent patterns of privilege escalation issues due to improper access controls. While no major public breaches have been documented, the cumulative impact of these vulnerabilities has exposed numerous websites to potential compromise, particularly when themes remain unpatched.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39648 | WordPress Eventin plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability — Eventin (CWE-79) | 5.9 | Medium | 2024-08-01 |
| CVE-2024-37507 | WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability — Eventin (CWE-79) | 6.5 | Medium | 2024-07-21 |

This page lists every published CVE security advisory associated with themewinter. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.