Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ThemeREX — Vulnerabilities & Security Advisories 125

Browse all 125 CVE security advisories affecting ThemeREX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by ThemeREX:Puzzles | WP Magazine / Review with Store WordPress Theme + RTLThemeREX AddonsMandalaHappy BabyMahoganyTranslogicBasseinFilmaxDermatology ClinicHealer - Doctor, Clinic & Medical WordPress ThemeBonbonLegrandGlobal LogisticsPrintyMuziconStargazeEjectFoodieBuissonMotorixS.KingNutsLe TruffeGreen ThumbTiger ClawLaw OfficeRexCoinVapesterLegal StoneAqualots
CVE IDTitleCVSSSeverityPublished
CVE-2026-27988 WordPress Equadio theme <= 1.1.3 - Local File Inclusion vulnerability — EquadioCWE-98 9.1 -2026-03-05
CVE-2026-27989 WordPress Quanzo theme <= 1.0.10 - Local File Inclusion vulnerability — QuanzoCWE-98 9.1 -2026-03-05
CVE-2026-27986 WordPress OsTende theme <= 1.4.3 - Local File Inclusion vulnerability — OsTendeCWE-98 9.1 -2026-03-05
CVE-2026-27985 WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability — HumanumCWE-98 9.1 -2026-03-05
CVE-2026-27987 WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability — The QleanCWE-98 9.1 -2026-03-05
CVE-2026-27439 WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability — DentarioCWE-502 9.8 -2026-03-05
CVE-2026-27437 WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability — Tennis ClubCWE-502 9.8 -2026-03-05
CVE-2026-27438 WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability — KinglerCWE-502 9.8 -2026-03-05
CVE-2026-22474 WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability — Equestrian CentreCWE-502 9.8 -2026-03-05
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability — SolarisCWE-502 9.8 -2026-03-05
CVE-2026-22452 WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability — HoverexCWE-98 9.1 -2026-03-05
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability — Pets ClubCWE-502 9.8 -2026-03-05
CVE-2026-22443 WordPress Alliance theme <= 3.1.1 - Local File Inclusion vulnerability — AllianceCWE-98 9.1 -2026-03-05
CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability — ClassterCWE-502 9.8 -2026-03-05
CVE-2025-53335 WordPress Berger theme <= 1.1.1 - Local File Inclusion vulnerability — BergerCWE-98 9.1 -2026-03-05
CVE-2025-69405 WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.11 - PHP Object Injection vulnerability — Lorem Ipsum | Books & Media StoreCWE-502 9.8AICriticalAI2026-02-20
CVE-2025-69406 WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability — FreightCoCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69404 WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability — Extreme StoreCWE-502 9.8AICriticalAI2026-02-20
CVE-2025-69402 WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability — R&FCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69399 WordPress Cobble theme <= 1.7 - Local File Inclusion vulnerability — CobbleCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69400 WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability — YokooCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69398 WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability — PlankCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69397 WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability — TintCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69395 WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability — GableCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69396 WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability — SplendourCWE-98 9.1AICriticalAI2026-02-20
CVE-2025-69079 WordPress Sound | Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability — Sound | Musical Instruments Online StoreCWE-502 9.8AICriticalAI2026-01-22
CVE-2025-69081 WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability — HopeCWE-98 8.1 High2026-01-07
CVE-2025-49890 WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability — Organic BeautyCWE-502 9.8 Critical2025-08-20
CVE-2025-6997 ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function — ThemeREX AddonsCWE-79 6.4 Medium2025-07-19
CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection — Education Center | LMS & Online Courses WordPress ThemeCWE-502 9.8 Critical2025-07-02

This page lists every published CVE security advisory associated with ThemeREX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.