villatheme — Vulnerabilities & Security Advisories (40)

Browse all 40 CVE security advisories affecting villatheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VillaTheme develops WordPress plugins, and most of the products in this listing are WooCommerce extensions (CURCY multi-currency, Abandoned Cart Recovery, Photo Reviews, Email Template Customizer, Thank You Page Customizer, Orders Tracking, Lucky Wheel, Cart All In One, plus the HAPPY helpdesk plugin and a few others). Of the forty advisories the page tracks, the thirty entries listed below break down as follows. The single largest class is missing authorization / broken access control (CWE-862, ten entries): typically AJAX or REST handlers reachable by subscribers or by unauthenticated visitors without a capability or nonce check, which in this list produced an unauthenticated settings change, a subscriber-level data export, arbitrary helpdesk ticket replies and arbitrary shortcode execution. Cross-site scripting (CWE-79) accounts for seven entries, and code injection (CWE-94) for five, including a CVSS 10.0 remote code execution in HAPPY (CVE-2025-49372), two unauthenticated arbitrary shortcode executions (CVE-2024-13487 in CURCY, CVE-2024-4039 in Orders Tracking) and two administrator-level PHP code injections through a 'conditional_tags' setting in the Lucky Wheel plugins. SQL injection (CWE-89) appears twice, once unauthenticated (CVE-2024-13320 in CURCY). The remaining entries are single instances of IDOR, local file inclusion, arbitrary file read, content injection and an authentication bypass leading to account takeover in WooCommerce Photo Reviews Premium, rated 9.8 Critical (CVE-2024-8277). The same products recur across several years (CURCY has six entries, HAPPY five, Thank You Page Customizer four), so an installed VillaTheme plugin should be checked against this list by version and patched promptly: the unauthenticated entries in particular give a remote attacker a direct path to data disclosure or code execution on the site.
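The pattern behind the most common classes above (missing authorization on an admin-ajax handler, client-supplied text reaching do_shortcode(), and unescaped output) is easiest to see side by side with its fix. The following is an added example written for this listing; it is not code from VillaTheme or from any plugin named above. It assumes it is loaded by WordPress as a plugin file, so the wp_* helpers and do_shortcode() come from core; the ex_* function names, the 'ex_preview' action, the [ex_*] shortcodes, the page hook name and preview.js are all hypothetical.

```php
<?php
/**
 * Plugin Name: Example admin-ajax preview handler (vulnerable vs. hardened)
 *
 * Added illustration for this advisory listing; not code from VillaTheme or
 * from any plugin named above. Assumes it is loaded by WordPress as a plugin
 * file, so the wp_* / do_shortcode() functions come from core. All ex_*
 * names, the 'ex_preview' action and the [ex_*] shortcodes are hypothetical.
 */
defined( 'ABSPATH' ) || exit;

/*
 * VULNERABLE pattern: shown for contrast and deliberately not hooked.
 * It combines the three classes that dominate the listing above:
 *  - CWE-862: no nonce and no capability check; a wp_ajax_nopriv_ hook
 *    would open it to unauthenticated visitors as well;
 *  - arbitrary shortcode execution: client-supplied text reaches
 *    do_shortcode(), so a caller can invoke any registered shortcode;
 *  - CWE-79: the rendered result is echoed without escaping.
 */
function ex_preview_vulnerable() {
    $template = $_POST['template'] ?? '';
    echo do_shortcode( $template );
    wp_die();
}

/* HARDENED handler. */
function ex_preview_hardened() {
    // 1. CSRF: require a nonce minted for this action; on failure
    //    check_ajax_referer() stops the request with wp_die().
    check_ajax_referer( 'ex_preview', 'nonce' );

    // 2. Authorization: gate on the capability the feature needs, not on
    //    "is logged in". Subscriber+ is exactly the bar several entries
    //    above failed to raise.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input: unslash, sanitize, and accept only a key into a
    //    server-side allow-list instead of raw shortcode text.
    $template_id = sanitize_key( wp_unslash( $_POST['template_id'] ?? '' ) );
    $templates   = ex_allowed_templates();
    if ( ! isset( $templates[ $template_id ] ) ) {
        wp_send_json_error( array( 'message' => 'unknown template' ), 400 );
    }

    // 4. Only server-defined text reaches do_shortcode(); the client chose
    //    a key, never the content.
    $html = do_shortcode( $templates[ $template_id ] );

    // 5. Output: reduce the result to the post-content allow-list before
    //    returning it. JSON encoding alone does not make HTML safe to
    //    inject into the admin page.
    wp_send_json_success( array( 'html' => wp_kses_post( $html ) ) );
}

// The only strings that can ever reach do_shortcode() from this endpoint.
function ex_allowed_templates() {
    return array(
        'thanks' => '<p>Thanks for your order, [ex_customer_name].</p>',
        'total'  => '<p>Order total: [ex_order_total].</p>',
    );
}

// Register the hardened handler for logged-in users only. There is
// intentionally no wp_ajax_nopriv_ex_preview hook.
add_action( 'wp_ajax_ex_preview', 'ex_preview_hardened' );

// The nonce has to originate server-side: mint it when enqueuing the admin
// script and pass it to the browser, which sends it back as POST['nonce'].
// The page hook name and preview.js are assumptions for the example.
function ex_enqueue_preview_script( $hook ) {
    if ( 'woocommerce_page_ex-preview' !== $hook ) {
        return;
    }
    wp_enqueue_script( 'ex-preview', plugins_url( 'preview.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'ex-preview', 'exPreview', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'ex_preview' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'ex_enqueue_preview_script' );
```

The browser side then POSTs `action=ex_preview`, `nonce=<exPreview.nonce>` and `template_id=thanks` to `exPreview.ajaxUrl`. Two caveats when reviewing a real plugin against this shape: a nonce is a CSRF defence, not an authorization check, so a handler that only calls check_ajax_referer() is still a CWE-862 finding if any logged-in user can obtain the nonce; and the capability must match the feature (manage_woocommerce or manage_options for shop or site settings), since checks such as is_user_logged_in() or read are what let subscriber-level accounts reach the endpoints listed above.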

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40737 | WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability | COMPE | CWE-639 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-32526 | WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability | Abandoned Cart Recovery for WooCommerce | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2026-28132 | WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability | WooCommerce Photo Reviews | CWE-80 | 5.3 | Medium | 2026-02-26 |
| CVE-2025-67977 | WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability | HAPPY | CWE-862 | 8.2 | High | 2026-02-20 |
| CVE-2026-27052 | WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability | Sales Countdown Timer for WooCommerce and WordPress | CWE-98 | 7.5 | High | 2026-02-19 |
| CVE-2026-2019 | Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting | Cart All In One For WooCommerce | CWE-74 | 7.2 | High | 2026-02-18 |
| CVE-2025-14541 | Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter | Lucky Wheel Giveaway | CWE-94 | 7.2 | High | 2026-02-11 |
| CVE-2025-14509 | Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags | Lucky Wheel for WooCommerce – Spin a Sale | CWE-94 | 7.2 | High | 2025-12-30 |
| CVE-2025-68550 | WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability | WPBulky | CWE-89 | 7.6 | High | 2025-12-23 |
| CVE-2025-68556 | WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability | HAPPY | CWE-862 | 5.3 | Medium | 2025-12-23 |
| CVE-2025-14581 | HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply | HAPPY – Helpdesk Support Ticket System | CWE-862 | 4.3 | Medium | 2025-12-13 |
| CVE-2025-66528 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability | Thank You Page Customizer for WooCommerce | CWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-49372 | WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability | HAPPY | CWE-94 | 10.0 | Critical | 2025-11-06 |
| CVE-2025-64200 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability | Email Template Customizer for WooCommerce | CWE-79 | 5.9 | Medium | 2025-10-29 |
| CVE-2025-47570 | WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability | WooCommerce Photo Reviews | CWE-79 | 7.1 | High | 2025-09-09 |
| CVE-2025-53571 | WordPress HAPPY plugin <= 1.0.6 - Broken Access Control vulnerability | HAPPY | CWE-862 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-30993 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Broken Access Control Vulnerability | Thank You Page Customizer for WooCommerce | CWE-862 | 6.5 | Medium | 2025-08-14 |
| CVE-2025-47563 | WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability | CURCY | CWE-862 | 5.3 | Medium | 2025-05-16 |
| CVE-2024-13320 | CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection | CURCY - WooCommerce Multi Currency - Currency Switcher | CWE-89 | 7.5 | High | 2025-03-07 |
| CVE-2024-13487 | CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | CWE-94 | 7.3 | High | 2025-02-06 |
| CVE-2024-12861 | W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read | W2S – Migrate WooCommerce to Shopify | CWE-73 | 6.5 | Medium | 2025-01-30 |
| CVE-2025-22803 | WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability | Advanced Product Information for WooCommerce | CWE-79 | 6.5 | Medium | 2025-01-09 |
| CVE-2022-46796 | WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability | CURCY | CWE-862 | 6.5 | Medium | 2024-12-13 |
| CVE-2024-49283 | WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | CURCY | CWE-79 | 7.1 | High | 2024-10-17 |
| CVE-2024-49288 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.9.1 - Cross Site Scripting (XSS) vulnerability | Email Template Customizer for WooCommerce | CWE-79 | 5.9 | Medium | 2024-10-17 |
| CVE-2024-8277 | WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation | WooCommerce Photo Reviews Premium | CWE-288 | 9.8 | Critical | 2024-09-11 |
| CVE-2024-4039 | Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution | Orders Tracking for WooCommerce | CWE-94 | 6.5 | Medium | 2024-05-10 |
| CVE-2024-1687 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | Thank You Page Customizer for WooCommerce – Increase Your Sales | CWE-862 | 5.4 | Medium | 2024-02-27 |
| CVE-2024-1686 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export | Thank You Page Customizer for WooCommerce – Increase Your Sales | CWE-862 | 4.3 | Medium | 2024-02-27 |
| CVE-2023-50831 | WordPress CURCY Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) | CURCY – Multi Currency for WooCommerce | CWE-79 | 6.5 | Medium | 2023-12-21 |

This page lists every published CVE security advisory associated with villatheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.