themeisle — Vulnerabilities & Security Advisories 85

Browse all 85 CVE security advisories affecting themeisle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25366 | WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability | Woody ad snippets | CWE-94 | 9.9 | Critical | 2026-03-25 |
| CVE-2026-2410 | Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update | Disable Admin Notices – Hide Dashboard Notifications | CWE-352 | 4.3 | Medium | 2026-02-25 |
| CVE-2026-1319 | Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field | Robin Image Optimizer – Unlimited Image Optimization & WebP Converter | CWE-79 | 6.4 | Medium | 2026-02-05 |
| CVE-2026-1755 | Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting | Menu Icons by ThemeIsle | CWE-79 | 6.4 | Medium | 2026-02-03 |
| CVE-2025-14800 | Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload | Redirection for Contact Form 7 | CWE-434 | 8.1 | High | 2025-12-21 |
| CVE-2025-13794 | Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification | Auto Featured Image (Auto Post Thumbnail) | CWE-862 | 4.3 | Medium | 2025-12-16 |
| CVE-2025-11467 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-918 | 5.8 | Medium | 2025-12-11 |
| CVE-2025-12483 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection | Visualizer: Tables and Charts Manager for WordPress | CWE-89 | 6.5 | Medium | 2025-12-02 |
| CVE-2025-66069 | WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability | PPOM for WooCommerce | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12045 | Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2025-11-04 |
| CVE-2025-9322 | Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | CWE-89 | 7.5 | High | 2025-10-25 |
| CVE-2025-11128 | Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-918 | 5.0 | Medium | 2025-10-23 |
| CVE-2025-11691 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection | PPOM – Product Addons & Custom Fields for WooCommerce | CWE-89 | 7.5 | High | 2025-10-18 |
| CVE-2025-11391 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload | PPOM – Product Addons & Custom Fields for WooCommerce | CWE-434 | 9.8 | Critical | 2025-10-18 |
| CVE-2025-9562 | Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode | Redirection for Contact Form 7 | CWE-79 | 6.4 | Medium | 2025-10-18 |
| CVE-2025-58789 | WordPress WP Full Stripe Free Plugin <= 8.2.5 - SQL Injection Vulnerability | WP Full Stripe Free | CWE-89 | 7.6 | High | 2025-09-05 |
| CVE-2025-58593 | WordPress Orbit Fox by ThemeIsle Plugin <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability | Orbit Fox by ThemeIsle | CWE-79 | 6.5 | Medium | 2025-09-03 |
| CVE-2025-55715 | WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability | Otter - Gutenberg Block | CWE-201 | 7.5 | High | 2025-08-20 |
| CVE-2025-8141 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion | Redirection for Contact Form 7 | CWE-22 | 8.8 | High | 2025-08-20 |
| CVE-2025-8289 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization | Redirection for Contact Form 7 | CWE-502 | 7.5 | High | 2025-08-20 |
| CVE-2025-8145 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection | Redirection for Contact Form 7 | CWE-502 | 8.8 | High | 2025-08-20 |
| CVE-2025-53986 | WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability | Hestia | CWE-862 | 5.3 | Medium | 2025-07-16 |
| CVE-2025-53254 | WordPress Cyrlitera plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability | Cyrlitera | CWE-352 | 4.3 | Medium | 2025-06-27 |
| CVE-2025-22659 | WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability | Orbit Fox by ThemeIsle | CWE-79 | 6.5 | Medium | 2025-03-27 |
| CVE-2025-1065 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File | Visualizer: Tables and Charts Manager for WordPress | CWE-79 | 6.4 | Medium | 2025-02-19 |
| CVE-2024-10705 | Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl | Multiple Page Generator Plugin – MPG | CWE-918 | 5.4 | Medium | 2025-01-26 |
| CVE-2025-24666 | WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | AI Chatbot for WordPress – Hyve Lite | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2025-24668 | WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability | PPOM for WooCommerce | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2024-13183 | Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2025-01-10 |
| CVE-2025-0311 | Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2025-01-10 |

This page lists every published CVE security advisory associated with themeisle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.