Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

imithemes — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting imithemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by imithemes:Eventer - WordPress Event & Booking Manager PluginEventerReal Spaces - WordPress Properties Directory ThemeIMITHEMES ListingGaea
CVE IDTitleCVSSSeverityPublished
CVE-2026-32518 WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability — GaeaCWE-79 6.1 -2026-03-25
CVE-2025-6758 Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' — Real Spaces - WordPress Properties Directory ThemeCWE-269 9.8 Critical2025-08-19
CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' — Real Spaces - WordPress Properties Directory ThemeCWE-269 8.8 High2025-08-19
CVE-2025-39483 WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability — EventerCWE-94 6.5 Medium2025-08-14
CVE-2025-39481 WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability — EventerCWE-89 9.3 Critical2025-05-16
CVE-2025-39482 WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability — EventerCWE-862 4.3 Medium2025-05-16
CVE-2025-2253 IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset — IMITHEMES ListingCWE-620 9.8 Critical2025-05-09
CVE-2025-0959 Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id — Eventer - WordPress Event & Booking Manager PluginCWE-564 8.8 High2025-03-07
CVE-2025-22635 WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability — EventerCWE-79 7.1 High2025-02-23
CVE-2024-11134 Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export — Eventer - WordPress Event & Booking Manager PluginCWE-862 4.3 Medium2025-02-03
CVE-2024-11132 Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Eventer - WordPress Event & Booking Manager PluginCWE-79 6.4 Medium2025-02-03
CVE-2024-11133 Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download — Eventer - WordPress Event & Booking Manager PluginCWE-862 5.3 Medium2025-02-03
CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees — Eventer - WordPress Event & Booking Manager PluginCWE-89 7.5 High2025-01-28
CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read — Eventer - WordPress Event & Booking Manager PluginCWE-22 6.5 Medium2025-01-17

This page lists every published CVE security advisory associated with imithemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.