
VillaTheme — Vulnerabilities & Security Advisories 41

Browse all 41 CVE security advisories affecting VillaTheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40737 | WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability | COMPE | CWE-639 | 8.1 | - | 2026-04-15 |
| CVE-2026-32526 | WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability | Abandoned Cart Recovery for WooCommerce | CWE-79 | 5.4 | - | 2026-03-25 |
| CVE-2026-28132 | WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability | WooCommerce Photo Reviews | CWE-80 | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2025-67977 | WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability | HAPPY | CWE-862 | 8.2 | High | 2026-02-20 |
| CVE-2026-27052 | WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability | Sales Countdown Timer for WooCommerce and WordPress | CWE-98 | 9.8 (AI) | Critical (AI) | 2026-02-19 |
| CVE-2026-2019 | Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting | Cart All In One For WooCommerce | CWE-74 | 7.2 | High | 2026-02-18 |
| CVE-2025-14541 | Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter | Lucky Wheel Giveaway | CWE-94 | 7.2 | High | 2026-02-11 |
| CVE-2025-14509 | Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags | Lucky Wheel for WooCommerce – Spin a Sale | CWE-94 | 7.2 | High | 2025-12-30 |
| CVE-2025-68550 | WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability | WPBulky | CWE-89 | 7.6 | High | 2025-12-23 |
| CVE-2025-68556 | WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability | HAPPY | CWE-862 | 5.3 | Medium | 2025-12-23 |
| CVE-2025-14581 | HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply | HAPPY – Helpdesk Support Ticket System | CWE-862 | 4.3 | Medium | 2025-12-13 |
| CVE-2025-66528 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability | Thank You Page Customizer for WooCommerce | CWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-49372 | WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability | HAPPY | CWE-94 | 8.8 | - | 2025-11-06 |
| CVE-2025-64200 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability | Email Template Customizer for WooCommerce | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-29 |
| CVE-2025-47570 | WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability | WooCommerce Photo Reviews | CWE-79 | 7.1 | High | 2025-09-09 |
| CVE-2025-53571 | WordPress HAPPY plugin <= 1.0.6 - Broken Access Control vulnerability | HAPPY | CWE-862 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-30993 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Broken Access Control Vulnerability | Thank You Page Customizer for WooCommerce | CWE-862 | 6.5 | Medium | 2025-08-14 |
| CVE-2025-47563 | WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability | CURCY | CWE-862 | 5.3 | Medium | 2025-05-16 |
| CVE-2024-13320 | CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection | CURCY - WooCommerce Multi Currency - Currency Switcher | CWE-89 | 7.5 | High | 2025-03-07 |
| CVE-2024-13487 | CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | CWE-94 | 7.3 | High | 2025-02-06 |
| CVE-2024-12861 | W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read | W2S – Migrate WooCommerce to Shopify | CWE-73 | 6.5 | Medium | 2025-01-30 |
| CVE-2025-22803 | WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability | Advanced Product Information for WooCommerce | CWE-79 | 6.5 | Medium | 2025-01-09 |
| CVE-2022-46811 | WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF | ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2022-46796 | WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability | CURCY | CWE-862 | 6.5 | Medium | 2024-12-13 |
| CVE-2024-49283 | WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | CURCY | CWE-79 | 7.1 | High | 2024-10-17 |
| CVE-2024-49288 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.9.1 - Cross Site Scripting (XSS) vulnerability | Email Template Customizer for WooCommerce | CWE-79 | 5.9 | Medium | 2024-10-17 |
| CVE-2024-8277 | WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation | WooCommerce Photo Reviews Premium | CWE-288 | 9.8 | Critical | 2024-09-11 |
| CVE-2024-4039 | Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution | Orders Tracking for WooCommerce | CWE-94 | 6.5 | Medium | 2024-05-10 |
| CVE-2024-1687 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | Thank You Page Customizer for WooCommerce – Increase Your Sales | CWE-862 | 5.4 | Medium | 2024-02-27 |
| CVE-2024-1686 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export | Thank You Page Customizer for WooCommerce – Increase Your Sales | CWE-862 | 4.3 | Medium | 2024-02-27 |

This page lists every published CVE security advisory associated with VillaTheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.