Mikado-Themes — Vulnerabilities & Security Advisories (81)

Browse all 81 CVE security advisories affecting Mikado-Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mikado-Themes operates as a provider of WordPress themes and plugins, primarily targeting e-commerce and general website design. Security audits have identified seventy confirmed Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these vulnerabilities predominantly stem from insufficient input validation and improper access controls, resulting in critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative access. While specific high-profile incidents involving widespread data breaches are not widely publicized, the sheer volume of CVEs indicates systemic issues in the development lifecycle. The lack of robust sanitization in theme functions has consistently exposed user data and server integrity to exploitation. This pattern suggests that security testing was not a primary focus during the software’s creation, leaving numerous installations vulnerable to automated attacks and manual exploitation by threat actors seeking to compromise WordPress-based infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-52707 | WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability | Kastell | CWE-35 | 8.1 | High | 2026-06-17 |
| CVE-2026-40756 | WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability | Zoya | CWE-502 | 8.1 | High | 2026-06-17 |
| CVE-2026-40757 | WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability | Château | CWE-502 | 8.1 | High | 2026-06-17 |
| CVE-2026-40733 | WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability | ShiftUp | CWE-502 | 8.1 | High | 2026-06-17 |
| CVE-2026-40753 | WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability | EasyMeals | CWE-502 | 8.1 | High | 2026-06-17 |
| CVE-2026-40731 | WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability | ChapterOne | CWE-98 | 8.1 | High | 2026-06-17 |
| CVE-2026-39537 | WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability | Mikado Core | CWE-98 | 8.1 | High | 2026-06-17 |
| CVE-2026-40759 | WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability | Esmée | CWE-502 | 8.1 | High | 2026-06-16 |
| CVE-2026-40755 | WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability | TechLink | CWE-502 | 8.1 | High | 2026-06-16 |
| CVE-2026-40739 | WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability | LuxeDrive | CWE-502 | 8.1 | High | 2026-06-16 |
| CVE-2026-40751 | WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability | Ashtanga | CWE-502 | 8.1 | High | 2026-06-16 |
| CVE-2026-39538 | WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability | Mikado Core | CWE-98 | 7.5 | High | 2026-04-08 |
| CVE-2026-32511 | WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability | Stål | CWE-502 | 5.4 | Medium | 2026-03-25 |
| CVE-2026-32508 | WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability | Halstein | CWE-502 | 5.4 | Medium | 2026-03-25 |
| CVE-2026-27081 | WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability | Rosebud | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27080 | WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability | Deston | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27077 | WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability | MultiOffice | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27076 | WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability | LuxeDrive | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27079 | WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability | Amfissa | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27078 | WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability | Emaurri | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27075 | WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability | Belfort | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27047 | WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability | Curly Core | CWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-27342 | WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability | TopFit - Fitness and Gym WordPress Theme | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-27341 | WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability | TopScorer - Sports WordPress Theme | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-22457 | WordPress Wanderland theme <= 1.5 - Local File Inclusion vulnerability | Wanderland | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-22429 | WordPress Verdure theme <= 1.6 - Local File Inclusion vulnerability | Verdure | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-22427 | WordPress GoTravel theme <= 2.1 - Local File Inclusion vulnerability | GoTravel | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-22414 | WordPress Marra theme <= 1.2 - Local File Inclusion vulnerability | Marra | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-22408 | WordPress Justicia theme <= 1.2 - Local File Inclusion vulnerability | Justicia | CWE-98 | 8.1 | High | 2026-03-05 |
| CVE-2026-22412 | WordPress Eona theme <= 1.3 - Local File Inclusion vulnerability | Eona | CWE-98 | 8.1 | High | 2026-03-05 |

This page lists every published CVE security advisory associated with Mikado-Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.