Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

DesignThemes — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting DesignThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by DesignThemes:DesignThemes Core FeaturesReservation PluginLMSWeDesignTech Ultimate Booking AddonDesignThemes Directory AddonDesignThemes PortfolioVEDA - MultiPurpose WordPress ThemeLMS Elementor ProDental ClinicOneLifeVivaghKids HeavenWeDesignTech PortfolioDesignThemes Portfolio AddonDesignThemes LMS AddonHomeFix Elementor PortfolioDesignThemes CoreDesignThemes Booking ManagerDesignThemes LMSInsuranceTrissSolar EnergyVEDAKriyaSingle PropertyKnowledge BaseOfiz - WordPress Business Consulting ThemeInvico - WordPress Consulting Business ThemeVisual Art | Gallery WordPress ThemeRed Art
CVE IDTitleCVSSSeverityPublished
CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability — LMS Elementor ProCWE-266 8.8 -2026-03-05
CVE-2026-27390 WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability — WeDesignTech Ultimate Booking AddonCWE-288 9.8 -2026-03-05
CVE-2026-27388 WordPress DesignThemes Booking Manager plugin <= 2.0 - Broken Access Control vulnerability — DesignThemes Booking ManagerCWE-862 9.1 -2026-03-05
CVE-2026-27385 WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability — DesignThemes PortfolioCWE-79 6.1 -2026-03-05
CVE-2026-27386 WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability — DesignThemes Directory AddonCWE-862 7.5 High2026-03-05
CVE-2026-27389 WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability — WeDesignTech Ultimate Booking AddonCWE-288 9.8 -2026-03-05
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability — Dental ClinicCWE-502 9.8 -2026-03-05
CVE-2025-69302 WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability — DesignThemes Core FeaturesCWE-79 6.1AIMediumAI2026-02-20
CVE-2025-69095 WordPress Reservation Plugin plugin <= 1.7 - Settings Change vulnerability — Reservation PluginCWE-862 6.5 Medium2026-01-22
CVE-2025-69002 WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability — OneLifeCWE-502 8.8AIHighAI2026-01-22
CVE-2025-68899 WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability — VivaghCWE-502 9.8AICriticalAI2026-01-22
CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability — Kids HeavenCWE-502 8.8AIHighAI2026-01-22
CVE-2025-68980 WordPress WeDesignTech Portfolio plugin <= 1.0.2 - Broken Access Control vulnerability — WeDesignTech PortfolioCWE-862 5.3 Medium2025-12-30
CVE-2025-68982 WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability — DesignThemes LMS AddonCWE-862 5.3 Medium2025-12-30
CVE-2025-68981 WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability — HomeFix Elementor PortfolioCWE-862 5.3 Medium2025-12-30
CVE-2025-68977 WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability — DesignThemes Portfolio AddonCWE-79 6.5 Medium2025-12-30
CVE-2025-68978 WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability — DesignThemes CoreCWE-79 6.5 Medium2025-12-30
CVE-2025-64221 WordPress Reservation Plugin plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability — Reservation PluginCWE-79 6.1AIMediumAI2025-12-18
CVE-2025-13542 DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation — DesignThemes LMSCWE-269 9.8 Critical2025-12-02
CVE-2025-60234 WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability — Single PropertyCWE-502 8.8AIHighAI2025-10-22
CVE-2025-60228 WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability — Knowledge BaseCWE-502 8.8AIHighAI2025-10-22
CVE-2025-60212 WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability — VEDACWE-502 9.8AICriticalAI2025-10-22
CVE-2025-60215 WordPress Kriya theme <= 3.4 - PHP Object Injection Vulnerability — KriyaCWE-502 8.8AIHighAI2025-10-22
CVE-2025-53423 WordPress Triss theme <= 2.6 - Cross Site Scripting (XSS) vulnerability — TrissCWE-79 6.1AIMediumAI2025-10-22
CVE-2025-31634 WordPress Insurance theme <= 3.5 - PHP Object Injection Vulnerability — InsuranceCWE-502 8.8AIHighAI2025-10-22
CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability — Solar EnergyCWE-502 8.8AIHighAI2025-10-22
CVE-2025-31072 WordPress Ofiz - Business Consulting Theme plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability — Ofiz - WordPress Business Consulting ThemeCWE-79 7.1 High2025-07-16
CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability — Visual Art | Gallery WordPress ThemeCWE-502 8.8 High2025-07-16
CVE-2025-31427 WordPress Invico - WordPress Consulting Business Theme <= 1.9 - Cross Site Scripting (XSS) Vulnerability — Invico - WordPress Consulting Business ThemeCWE-79 7.1 High2025-07-16
CVE-2025-52828 WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability — Red ArtCWE-502 8.8 High2025-07-04

This page lists every published CVE security advisory associated with DesignThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.