Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

themifyme — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting themifyme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themifyme operates as a software development firm specializing in WordPress themes and plugins, primarily targeting web designers and content creators seeking customizable site aesthetics. Historically, its products have been associated with a significant volume of security flaws, currently totaling 22 recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate site configurations or execute malicious scripts. These issues frequently arise from outdated codebases and delayed patching cycles, exposing thousands of installations to potential compromise. The accumulation of these defects highlights systemic weaknesses in the development lifecycle, necessitating rigorous security auditing and immediate remediation to protect end-users from exploitation.

Top products by themifyme: Themify Builder Themify Shortcodes Themify Event Post Themify – WooCommerce Product Filter Themify Audio Dock Themify Store Locator Themify Icons Themify Popup Themify Portfolio Post Conditional Menus
CVE IDTitleCVSSSeverityPublished
CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update — Conditional MenusCWE-352 4.3 Medium2026-03-26
CVE-2026-32449 WordPress Themify Event Post plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability — Themify Event PostCWE-79 6.5 Medium2026-03-13
CVE-2025-67533 WordPress Themify Portfolio Post plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — Themify Portfolio PostCWE-79 7.1 High2025-12-09
CVE-2025-9353 Themify Builder <= 7.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Themify BuilderCWE-79 6.4 Medium2025-09-24
CVE-2025-58787 WordPress Themify Popup Plugin <= 1.4.2 - Cross Site Scripting (XSS) Vulnerability — Themify PopupCWE-79 6.5 Medium2025-09-05
CVE-2025-49392 WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability — Themify Audio DockCWE-79 5.9 Medium2025-08-20
CVE-2025-49395 WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability — Themify IconsCWE-79 6.5 Medium2025-08-20
CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability — Themify BuilderCWE-862 4.3 Medium2025-08-20
CVE-2025-39581 WordPress Themify Shortcodes plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability — Themify ShortcodesCWE-79 6.5 Medium2025-04-16
CVE-2025-30832 WordPress Themify Event Post Plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Themify Event PostCWE-79 6.5 Medium2025-03-27
CVE-2025-30831 WordPress Themify Event Post Plugin <= 1.3.2 - Local File Inclusion vulnerability — Themify Event PostCWE-98 7.5 High2025-03-27
CVE-2024-13319 Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting — Themify BuilderCWE-79 6.1 Medium2025-01-22
CVE-2024-56239 WordPress Themify Audio Dock plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability — Themify Audio DockCWE-79 6.5 Medium2025-01-02
CVE-2024-56216 WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability — Themify BuilderCWE-98 6.5 Medium2024-12-31
CVE-2024-12414 Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery — Themify Store LocatorCWE-352 4.3 Medium2024-12-13
CVE-2024-52423 WordPress Themify Builder plugin <= 7.6.5 - Cross Site Scripting (XSS) vulnerability — Themify BuilderCWE-79 6.5 Medium2024-11-18
CVE-2024-44046 WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability — Themify – WooCommerce Product FilterCWE-79 5.9 Medium2024-10-06
CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting — Themify BuilderCWE-79 6.1 Medium2024-10-05
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication — Themify BuilderCWE-863 4.3 Medium2024-08-22
CVE-2024-6027 Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter — Themify – WooCommerce Product FilterCWE-89 9.8 Critical2024-06-21
CVE-2024-4567 Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode — Themify ShortcodesCWE-79 6.4 Medium2024-05-09
CVE-2024-2732 Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Themify ShortcodesCWE-79 5.4 Medium2024-03-26

This page lists every published CVE security advisory associated with themifyme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.