ThemeMove — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting ThemeMove. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-25027	WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability — UnicampCWE-98	9.1^AI	Critical^AI	2026-02-03
CVE-2025-22708	WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability — MitechCWE-98	8.1	High	2026-01-08
CVE-2025-22707	WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability — MoodyCWE-98	8.1	High	2026-01-08
CVE-2025-14430	WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability — BrookCWE-98	8.1	High	2026-01-08
CVE-2025-14429	WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability — AeroLandCWE-98	8.1	High	2026-01-08
CVE-2025-60069	WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability — MinimogWPCWE-98	8.1	High	2025-12-18
CVE-2025-68061	WordPress EduMall theme <= 4.4.7 - Local File Inclusion vulnerability — EduMallCWE-98	7.5	High	2025-12-16
CVE-2025-68062	WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability — MinimogWPCWE-98	8.1^AI	High^AI	2025-12-16
CVE-2025-59557	WordPress Learts Addons Plugin < 1.7.5 - SQL Injection Vulnerability — Learts AddonsCWE-89	9.3	Critical	2025-10-22
CVE-2025-59564	WordPress EduMall Theme < 4.4.5 - Local File Inclusion Vulnerability — EduMallCWE-98	9.1^AI	Critical^AI	2025-10-22
CVE-2025-59555	WordPress Medizin Theme < 1.9.7 - Local File Inclusion Vulnerability — MedizinCWE-98	9.1^AI	Critical^AI	2025-10-22
CVE-2025-59558	WordPress Billey Theme < 2.1.6 - Local File Inclusion Vulnerability — BilleyCWE-98	9.1^AI	Critical^AI	2025-10-22
CVE-2025-58967	WordPress Businext theme < 2.4.4 - Local File Inclusion vulnerability — BusinextCWE-98	8.1	High	2025-10-22
CVE-2025-58958	WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability — SmilePureCWE-98	8.1	High	2025-10-22
CVE-2025-53303	WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability — ThemeMove CoreCWE-502	8.8	High	2025-09-09
CVE-2025-58206	WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability — MaxCoachCWE-98	8.1	High	2025-09-05
CVE-2025-58210	WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability — MakeaholicCWE-862	5.3	Medium	2025-09-03
CVE-2025-54700	WordPress Makeaholic Theme <= 1.8.4 - Local File Inclusion Vulnerability — MakeaholicCWE-98	8.1	High	2025-08-14
CVE-2025-54701	WordPress Unicamp Theme <= 2.6.3 - Local File Inclusion Vulnerability — UnicampCWE-98	8.1	High	2025-08-14
CVE-2025-8198	MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation — MinimogWP – The High Converting eCommerce WordPress ThemeCWE-472	7.5	High	2025-07-26
CVE-2025-39474	WordPress Amely theme <= 3.1.4 - SQL Injection vulnerability — AmelyCWE-89	9.3	Critical	2025-06-27
CVE-2025-32309	WordPress Healsoul theme <= 2.2.3 - Local File Inclusion Vulnerability — HealsoulCWE-98	8.1	High	2025-05-23
CVE-2025-32310	WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability — QuickCal - Appointment Booking Calendar for WordPressCWE-352	8.8	High	2025-05-16
CVE-2025-2101	Edumall <= 4.2.4 - Unauthenticated Local File Inclusion — EduMall - Professional LMS Education Center WordPress ThemeCWE-98	8.1	High	2025-04-26
CVE-2024-13790	MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion — MinimogWP – The High Converting eCommerce WordPress ThemeCWE-98	9.8	Critical	2025-03-19

This page lists every published CVE security advisory associated with ThemeMove. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

ThemeMove — Vulnerabilities & Security Advisories 25