
themehunk — Vulnerabilities & Security Advisories 31

Browse all 31 CVE security advisories affecting themehunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32532 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | Contact Form & Lead Form Elementor Builder | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-25438 | WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability | Gutenberg Blocks | CWE-79 | 7.1 | High | 2026-03-19 |
| CVE-2026-1454 | Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting | Lead Form Builder & Contact Form | CWE-79 | 7.2 | High | 2026-03-11 |
| CVE-2025-68046 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability | Contact Form & Lead Form Elementor Builder | CWE-497 | 7.5 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-69344 | WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability | Oneline Lite | CWE-862 | 4.3 | Medium | 2026-01-07 |
| CVE-2025-12040 | Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | Wishlist for WooCommerce | CWE-639 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-62902 | WordPress WP Popup Builder plugin <= 1.3.8 - Sensitive Data Exposure vulnerability | WP Popup Builder | CWE-497 | 5.3 | Medium | 2025-10-27 |
| CVE-2025-9378 | Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes | Vayu Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2025-09-03 |
| CVE-2025-52816 | WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability | Zita | CWE-98 | 8.1 | High | 2025-06-27 |
| CVE-2025-30990 | WordPress ThemeHunk plugin <= 1.2.0 - Broken Access Control vulnerability | ThemeHunk | CWE-862 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-4420 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter | Vayu Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2025-06-03 |
| CVE-2025-2568 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | CWE-862 | 5.3 | Medium | 2025-04-08 |
| CVE-2025-22644 | WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | CWE-79 | 6.5 | Medium | 2025-03-27 |
| CVE-2025-30881 | WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability | Big Store | CWE-862 | 4.3 | Medium | 2025-03-27 |
| CVE-2024-13511 | Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset | Variation Swatches for WooCommerce | CWE-352 | 4.3 | Medium | 2025-01-23 |
| CVE-2024-54369 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability | Zita Site Builder | CWE-862 | 9.1 | Critical | 2024-12-16 |
| CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | Vayu Blocks – Website Builder for the Block Editor | CWE-284 | 9.8 | Critical | 2024-12-12 |
| CVE-2023-28688 | WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability | TH Variation Swatches | CWE-352 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-10674 | Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | Th Shop Mania | CWE-862 | 8.8 | High | 2024-11-09 |
| CVE-2024-10673 | Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | Top Store | CWE-862 | 8.8 | High | 2024-11-09 |
| CVE-2024-9061 | WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add | WP Popup Builder – Popup Forms and Marketing Lead Generation | CWE-94 | 7.3 | High | 2024-10-16 |
| CVE-2024-9707 | Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | Hunk Companion | CWE-862 | 9.8 | Critical | 2024-10-11 |
| CVE-2024-8433 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | Easy Mega Menu for WordPress – ThemeHunk | CWE-79 | 6.4 | Medium | 2024-10-08 |
| CVE-2024-8434 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates | Easy Mega Menu for WordPress – ThemeHunk | CWE-862 | 4.3 | Medium | 2024-09-25 |
| CVE-2024-44049 | WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Authenticated Cross Site Scripting (XSS) vulnerability | Gutenberg Blocks | CWE-79 | 6.5 | Medium | 2024-09-17 |
| CVE-2024-4261 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | Lead Form Builder & Contact Form | CWE-94 | 5.4 | Medium | 2024-05-22 |
| CVE-2022-40218 | WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability | Advance WordPress Search Plugin | CWE-862 | 6.5 | Medium | 2024-05-08 |
| CVE-2024-1415 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery | Lead Form Builder & Contact Form | CWE-352 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-1416 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization | Lead Form Builder & Contact Form | CWE-352 | 4.3 | Medium | 2024-05-02 |
| CVE-2022-38057 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability | Advance WordPress Search Plugin | CWE-862 | 6.5 | Medium | 2024-03-25 |

This page lists every published CVE security advisory associated with themehunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.