ThemeREX — Vulnerabilities & Security Advisories 183

Browse all 183 CVE security advisories affecting ThemeREX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThemeREX operates as a prominent developer of premium WordPress themes and plugins, primarily targeting enterprise and corporate web solutions. Security audits have identified a significant volume of vulnerabilities within its ecosystem, with over 125 Common Vulnerabilities and Exposures (CVEs) currently on record. These flaws predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from inadequate input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. The high frequency of these issues suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and third-party library management. While the company provides support channels, the sheer number of disclosed vulnerabilities highlights persistent challenges in maintaining robust security hygiene across its extensive product portfolio, posing substantial risks to organizations relying on its software infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69167 | WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability — Eros (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69168 | WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability — Spike (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69165 | WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability — Choreo (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69162 | WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability — Grecko (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69163 | WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability — WineShop (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69159 | WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability — Printo (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69160 | WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability — Gita (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69149 | WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability — Top Dog (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69150 | WordPress Medeus theme <= 1.14 - Local File Inclusion vulnerability — Medeus (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69147 | WordPress Putter theme <= 1.17 - Local File Inclusion vulnerability — Putter (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69143 | WordPress Mission theme <= 1.22 - Local File Inclusion vulnerability — Mission (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69146 | WordPress Dom theme <= 1.24 - Local File Inclusion vulnerability — Dom (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69142 | WordPress Abelle theme <= 1.22 - Local File Inclusion vulnerability — Abelle (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69141 | WordPress Kelly Young theme <= 1.1.0 - Local File Inclusion vulnerability — Kelly Young (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69125 | WordPress Food Drop theme <= 1.3 - Local File Inclusion vulnerability — Food Drop (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69122 | WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability — SeaFood Company (CWE-502) | 9.8 | Critical | 2026-06-16 |
| CVE-2025-69124 | WordPress Especio theme <= 1.0 - Local File Inclusion vulnerability — Especio (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69121 | WordPress Deliciosa theme <= 1.10.0 - Local File Inclusion vulnerability — Deliciosa (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69119 | WordPress Corbesier theme <= 1.15.0 - Local File Inclusion vulnerability — Corbesier (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69118 | WordPress CopyPress theme <= 1.4.5 - Local File Inclusion vulnerability — CopyPress (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69114 | WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability — MaxiNet (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69116 | WordPress Iona theme <= 1.0.8 - Local File Inclusion vulnerability — Iona (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69113 | WordPress Nexio theme <= 1.10.0 - Local File Inclusion vulnerability — Nexio (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69109 | WordPress Raider Spirit theme <= 1.1.2 - Local File Inclusion vulnerability — Raider Spirit (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69112 | WordPress Planty theme <= 1.14.0 - Local File Inclusion vulnerability — Planty (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69108 | WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability — Hot Coffee (CWE-502) | 9.8 | Critical | 2026-06-16 |
| CVE-2025-69105 | WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability — Modernee (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2025-69107 | WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability — Rosaleen (CWE-98) | 8.1 | High | 2026-06-16 |
| CVE-2026-27084 | WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability — Buisson (CWE-502) | 9.8 | Critical | 2026-03-25 |
| CVE-2026-27082 | WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability — Love Story (CWE-502) | 9.8 | Critical | 2026-03-25 |

This page lists every published CVE security advisory associated with ThemeREX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.