Jthemes — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting Jthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Jthemes develops WordPress themes and website templates, primarily serving small businesses and personal websites. Historically, their products have frequently contained cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been documented, the 10 CVEs attributed to their products highlight consistent security shortcomings. These vulnerabilities typically allow attackers to execute arbitrary code, steal session cookies, or gain elevated access, posing significant risks to unpatched installations. Security researchers have noted that many issues remain present across multiple theme versions, indicating systemic weaknesses in their development and testing processes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-52747 | WordPress Themebox - Digital Products Ecommerce theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability | Themebox - Digital Products Ecommerce | CWE-79 | 7.1 | High | 2026-05-27 |
| CVE-2025-69393 | WordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerability | Exzo | CWE-862 | 7.5 | High | 2026-02-20 |
| CVE-2025-69329 | WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability | Prestige | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2025-69330 | WordPress Prestige theme < 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability | Prestige | CWE-79 | 7.1 | High | 2026-02-20 |
| CVE-2025-54002 | WordPress xSmart theme <= 1.2.9.4 - Broken Access Control vulnerability | xSmart | CWE-862 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-50007 | WordPress xSmart theme <= 1.2.9.4 - Privilege Escalation vulnerability | xSmart | CWE-266 | 8.8 | High | 2026-01-22 |
| CVE-2025-50006 | WordPress xSmart theme <= 1.2.9.4 - Reflected Cross Site Scripting (XSS) vulnerability | xSmart | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-59138 | WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability | Genemy | CWE-918 | 4.9 | Medium | 2025-12-31 |
| CVE-2025-59134 | WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability | Sale! Immigration law, Visa services support, Migration Agent Consulting | CWE-266 | 8.8 | High | 2025-12-18 |
| CVE-2025-58243 | WordPress imEvent Theme <= 3.4.0 - Broken Access Control Vulnerability | imEvent | CWE-862 | 5.3 | Medium | 2025-11-06 |
| CVE-2025-62936 | WordPress xSmart theme <= 1.2.9.4 - Content Injection vulnerability | xSmart | CWE-80 | 4.3 | Medium | 2025-10-27 |

This page lists every published CVE security advisory associated with Jthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.