Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

extendthemes — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting extendthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by extendthemes:Colibri Page BuilderKubio AI Page BuilderMaterialisColibri WPHighlightMesmerizeVireo
CVE IDTitleCVSSSeverityPublished
CVE-2026-5427 Kubio AI Page Builder <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes — Kubio AI Page BuilderCWE-862 5.3 Medium2026-04-17
CVE-2025-62751 WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability — VireoCWE-862 4.3 Medium2025-12-31
CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Colibri Page BuilderCWE-79 6.4 Medium2025-12-19
CVE-2025-11376 Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting — Colibri Page BuilderCWE-79 6.4 Medium2025-12-13
CVE-2025-9560 Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode — Colibri Page BuilderCWE-79 6.4 Medium2025-10-11
CVE-2025-8487 Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation — Kubio AI Page BuilderCWE-862 5.4 Medium2025-09-19
CVE-2025-2294 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion — Kubio AI Page BuilderCWE-22 9.8 Critical2025-03-28
CVE-2024-13516 Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting — Kubio AI Page BuilderCWE-79 6.1 Medium2025-01-18
CVE-2024-37458 WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability — HighlightCWE-352 4.3 Medium2025-01-02
CVE-2024-37431 WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability — MesmerizeCWE-352 4.3 Medium2025-01-02
CVE-2024-5020 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library — Colibri Page BuilderCWE-79 6.4 Medium2024-12-04
CVE-2024-39661 WordPress Kubio AI Page Builder plugin <= 2.2.4 - Authenticated Cross Site Scripting (XSS) vulnerability — Kubio AI Page BuilderCWE-79 6.5 Medium2024-08-01
CVE-2023-3204 Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update — MaterialisCWE-862 6.5 Medium2024-06-20
CVE-2024-4451 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode — Colibri Page BuilderCWE-79 6.4 Medium2024-06-07
CVE-2024-5038 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Colibri Page BuilderCWE-79 6.4 Medium2024-06-06
CVE-2024-3340 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode — Colibri Page BuilderCWE-79 5.4 Medium2024-05-02
CVE-2024-3337 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode — Colibri Page BuilderCWE-79 6.4 Medium2024-05-02
CVE-2024-3338 Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting — Colibri Page BuilderCWE-79 4.4 Medium2024-05-02
CVE-2024-2839 Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting — Colibri Page BuilderCWE-79 6.4 Medium2024-04-02
CVE-2024-28004 WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability — Colibri Page BuilderCWE-862 5.4 Medium2024-03-28
CVE-2024-1870 Colibri Page Builder <= 1.0.260 - Missing Authorization — Colibri Page BuilderCWE-862 4.3 Medium2024-03-09
CVE-2024-1360 Colibri WP <= 1.0.94 - Cross-Site Request Forgery to Limited Plugin Installation — Colibri WPCWE-352 4.3 Medium2024-02-23
CVE-2024-1362 Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via cp_shortcode_refresh — Colibri Page BuilderCWE-352 4.3 Medium2024-02-23
CVE-2024-1361 Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via extend_builder — Colibri Page BuilderCWE-352 4.3 Medium2024-02-23
CVE-2023-6988 Colibri Page Builder <= 1.0.239 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Colibri Page BuilderCWE-79 6.4 Medium2024-01-11
CVE-2023-50833 WordPress Colibri Page Builder Plugin <= 1.0.239 is vulnerable to Cross Site Scripting (XSS) — Colibri Page BuilderCWE-79 6.5 Medium2023-12-21
CVE-2023-2188 Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id — Colibri Page BuilderCWE-89 7.2 High2023-08-31
CVE-2019-25142 Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update — MaterialisCWE-862 8.8 High2023-06-07

This page lists every published CVE security advisory associated with extendthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.