Browse all 22 CVE security advisories affecting themifyme. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Themifyme operates as a software development firm specializing in WordPress themes and plugins, primarily targeting web designers and content creators seeking customizable site aesthetics. Historically, its products have been associated with a significant volume of security flaws, currently totaling 22 recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate site configurations or execute malicious scripts. These issues frequently arise from outdated codebases and delayed patching cycles, exposing thousands of installations to potential compromise. The accumulation of these defects highlights systemic weaknesses in the development lifecycle, necessitating rigorous security auditing and immediate remediation to protect end-users from exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49392 | WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability — Themify Audio DockCWE-79 | 5.9 | Medium | 2025-08-20 |
| CVE-2024-56239 | WordPress Themify Audio Dock plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability — Themify Audio DockCWE-79 | 6.5 | Medium | 2025-01-02 |
This page lists every published CVE security advisory associated with themifyme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.