All 6 CVE vulnerabilities found in Tourfic, with AI-generated Chinese analysis, references, and POCs.
Vendor: Themefic
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39543 | WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability CWE-862 | 9.1AI | CriticalAI | 2026-04-08 |
| CVE-2025-24650 | WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability CWE-434 | 9.1 | Critical | 2025-01-24 |
| CVE-2024-29134 | WordPress Tourfic plugin <= 2.11.8 - Cross Site Scripting (XSS) vulnerability CWE-79 | 6.5 | Medium | 2024-03-19 |
| CVE-2024-29135 | WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability CWE-434 | 8.8AI | HighAI | 2024-03-19 |
| CVE-2024-29136 | WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability CWE-502 | 8.5 | High | 2024-03-19 |
| CVE-2024-29137 | WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 | 7.1 | High | 2024-03-19 |
All 6 known CVE vulnerabilities affecting Tourfic with full Chinese analysis, references, and POCs where available.