themeisle — Vulnerabilities & Security Advisories 85

Browse all 85 CVE security advisories affecting themeisle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-37467 | WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability | Hestia | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability | Redirection for Contact Form 7 | CWE-862 | 8.2 | - | 2024-12-13 |
| CVE-2024-11219 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-22 | 5.3 | Medium | 2024-11-27 |
| CVE-2024-52420 | WordPress Disable Admin Notices individually plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability | Disable Admin Notices individually | CWE-352 | 4.3 | Medium | 2024-11-19 |
| CVE-2024-51671 | WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability | Otter - Gutenberg Block | CWE-862 | 2.7 | Low | 2024-11-19 |
| CVE-2024-10672 | Multiple Page Generator Plugin – MPG <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion | Multiple Page Generator Plugin – MPG | CWE-73 | 2.7 | Low | 2024-11-12 |
| CVE-2024-10367 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-11-01 |
| CVE-2024-7424 | Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization | Multiple Page Generator Plugin – MPG | CWE-284 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-47325 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability | MPG | CWE-89 | 8.5 | High | 2024-10-20 |
| CVE-2024-7778 | Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-08-22 |
| CVE-2024-2484 | Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | CWE-79 | 6.4 | Medium | 2024-06-22 |
| CVE-2024-3105 | Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 - Authenticated (Contributor+) Remote Code Execution | Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | CWE-94 | 9.9 | Critical | 2024-06-15 |
| CVE-2024-35728 | WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability | PPOM for WooCommerce | CWE-74 | 5.3 | Medium | 2024-06-10 |
| CVE-2024-35682 | WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability | Otter Blocks PRO | CWE-200 | 4.3 | Medium | 2024-06-08 |
| CVE-2024-35736 | WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability | Visualizer | CWE-89 | 8.5 | High | 2024-06-08 |
| CVE-2023-7073 | Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery | Auto Featured Image (Auto Post Thumbnail) | CWE-918 | 6.4 | Medium | 2024-05-31 |
| CVE-2024-4635 | Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | Menu Icons by ThemeIsle | CWE-79 | 6.4 | Medium | 2024-05-16 |
| CVE-2024-3750 | Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution | Visualizer: Tables and Charts Manager for WordPress | CWE-862 | 8.8 | High | 2024-05-16 |
| CVE-2024-3725 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file | PPOM – Product Addons & Custom Fields for WooCommerce | CWE-434 | 9.8 | Critical | 2024-04-26 |
| CVE-2023-6805 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated (Contributor+) Blind Server-Side Request Forgery (SSRF) | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-918 | 6.4 | Medium | 2024-04-17 |
| CVE-2024-31301 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability | Multiple Page Generator Plugin – MPG | CWE-352 | 5.4 | Medium | 2024-04-12 |
| CVE-2024-3344 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-434 | 6.4 | Medium | 2024-04-11 |
| CVE-2024-3343 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-04-11 |
| CVE-2024-2226 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-20 | 6.4 | Medium | 2024-04-09 |
| CVE-2023-6877 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CWE-79 | 6.4 | Medium | 2024-04-07 |
| CVE-2024-27951 | WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability | Multiple Page Generator Plugin – MPG | CWE-434 | 9.1 | Critical | 2024-04-03 |
| CVE-2024-2841 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-79 | 6.4 | Medium | 2024-03-29 |
| CVE-2024-30235 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability | Multiple Page Generator Plugin – MPG | CWE-862 | 4.3 | Medium | 2024-03-26 |
| CVE-2024-27958 | WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability | Visualizer | CWE-79 | 7.1 | High | 2024-03-17 |

This page lists every published CVE security advisory associated with themeisle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.