Browse all 3 CVE security advisories affecting voidthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Voidthemes develops WordPress themes and templates for website creation. Historically, their products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. The three CVEs on record highlight these recurring security weaknesses, with multiple instances allowing attackers to execute arbitrary code or compromise user accounts. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in their development lifecycle. Their themes remain popular despite these concerns, indicating that security considerations may not be prioritized in their core business model.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62094 | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerability — Void Elementor WHMCS Elements For Elementor Page BuilderCWE-79 | 6.5 | Medium | 2025-12-22 |
| CVE-2023-48750 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability — Void Elementor Post Grid Addon for Elementor Page builderCWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2024-5419 | Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute — Void Contact Form 7 Widget For Elementor Page BuilderCWE-79 | 6.4 | Medium | 2024-07-02 |
This page lists every published CVE security advisory associated with voidthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.