RiceTheme is a WordPress theme provider offering templates for websites, primarily used by small businesses and bloggers. Historically, the themes have been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These issues often stem from insufficient input validation and improper permission checks. With four CVEs currently on record, RiceTheme has faced scrutiny for security shortcomings. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for users who fail to promptly update their themes. Security researchers recommend regular updates and careful implementation to mitigate these risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-23504 | WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability (Felan Framework, CWE-288) | 9.8 | Critical | 2026-01-08 |
| CVE-2025-23993 | WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability (Felan Framework, CWE-89) | 9.3 | Critical | 2026-01-08 |
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions (Felan Framework, CWE-862) | 5.3 | Medium | 2025-10-16 |
| CVE-2025-10850 | Felan Framework <= 1.1.4 - Hardcoded Credentials (Felan Framework, CWE-798) | 9.8 | Critical | 2025-10-16 |

This page lists every published CVE security advisory associated with RiceTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.