Mikado-Themes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting Mikado-Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mikado-Themes operates as a provider of WordPress themes and plugins, primarily targeting e-commerce and general website design. Security audits have identified seventy confirmed Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these vulnerabilities predominantly stem from insufficient input validation and improper access controls, resulting in critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative access. While specific high-profile incidents involving widespread data breaches are not widely publicized, the sheer volume of CVEs indicates systemic issues in the development lifecycle. The lack of robust sanitization in theme functions has consistently exposed user data and server integrity to exploitation. This pattern suggests that security testing was not a primary focus during the software’s creation, leaving numerous installations vulnerable to automated attacks and manual exploitation by threat actors seeking to compromise WordPress-based infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-67940 | WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability | Powerlift | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-54003 | WordPress Depot theme <= 1.16 - Local File Inclusion vulnerability | Depot | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-67936 | WordPress Curly theme < 3.3 - Local File Inclusion vulnerability | Curly | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-67935 | WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability | Optimize | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-67937 | WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability | Hendon | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-67934 | WordPress Wellspring theme < 2.8 - Local File Inclusion vulnerability | Wellspring | CWE-98 | 8.1 | High | 2026-01-08 |
| CVE-2025-69034 | WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability | Lekker | CWE-98 | 8.1 | High | 2025-12-30 |
| CVE-2025-69030 | WordPress Backpack Traveler theme <= 2.10.3 - Insecure Direct Object References (IDOR) vulnerability | Backpack Traveler | CWE-639 | 5.4 | Medium | 2025-12-30 |
| CVE-2025-69032 | WordPress FiveStar theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | FiveStar | CWE-639 | 5.4 | Medium | 2025-12-30 |
| CVE-2025-67515 | WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability | Wilmër | CWE-98 | 8.8 | High | 2025-12-09 |
| CVE-2025-66532 | WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability | Powerlift | CWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-39467 | WordPress Wanderland theme <= 1.7.1 - Local File Inclusion Vulnerability | Wanderland | CWE-35 | 8.1 | High | 2025-11-06 |
| CVE-2025-39466 | WordPress Dør theme <= 2.4 - Local File Inclusion Vulnerability | Dør | CWE-98 | 8.1 | High | 2025-11-06 |
| CVE-2025-64368 | WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability | Bard | CWE-352 | 5.4 | Medium | 2025-10-31 |
| CVE-2025-49295 | WordPress MediClinic theme <= 2.1 - Local File Inclusion Vulnerability | MediClinic | CWE-35 | 8.1 | High | 2025-06-09 |
| CVE-2025-49296 | WordPress GrandPrix theme <= 1.6 - Local File Inclusion Vulnerability | GrandPrix | CWE-35 | 8.1 | High | 2025-06-09 |
| CVE-2025-49297 | WordPress Grill and Chow theme <= 1.6 - Local File Inclusion Vulnerability | Grill and Chow | CWE-35 | 8.1 | High | 2025-06-09 |
| CVE-2025-39490 | WordPress Backpack Traveler theme <= 2.10.2 - Local File Inclusion Vulnerability | Backpack Traveler | CWE-98 | 8.1 | High | 2025-05-23 |
| CVE-2025-39494 | WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability | Wilmër | CWE-98 | 8.1 | High | 2025-05-23 |
| CVE-2025-39458 | WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability | Foton | CWE-98 | 8.1 | High | 2025-05-19 |
| CVE-2024-12287 | Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user | Biagiotti Membership | CWE-287 | 9.8 | Critical | 2024-12-18 |

This page lists every published CVE security advisory associated with Mikado-Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.