Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

themeisle — Vulnerabilities & Security Advisories 85

Browse all 85 CVE security advisories affecting themeisle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by themeisle:Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreMultiple Page Generator Plugin – MPGRSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSERedirection for Contact Form 7Visualizer: Tables and Charts Manager for WordPressPPOM for WooCommercePPOM – Product Addons & Custom Fields for WooCommerceMenu Icons by ThemeIsleVisualizerAuto Featured Image (Auto Post Thumbnail)Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer ScriptsOtter - Gutenberg BlockOrbit Fox by ThemeIsleHestiaWoody ad snippetsDisable Admin Notices – Hide Dashboard NotificationsRobin Image Optimizer – Unlimited Image Optimization & WebP ConverterStripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & SubscriptionsWP Full Stripe FreeCyrliteraAI Chatbot for WordPress – Hyve LiteGoogle Maps Plugin by IntergeoDisable Admin Notices individuallyMPGOtter Blocks PROCloud Templates & Patterns collectionLightStart – Maintenance Mode, Coming Soon and Landing Page Builder
CVE IDTitleCVSSSeverityPublished
CVE-2024-1499 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-79 6.4 Medium2024-03-13
CVE-2024-1497 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-79 6.4 Medium2024-03-13
CVE-2024-2126 Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-79 6.4 Medium2024-03-13
CVE-2024-1323 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-79 6.4 Medium2024-02-27
CVE-2024-1317 RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-89 8.8 High2024-02-20
CVE-2024-1318 RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-862 6.5 Medium2024-02-20
CVE-2024-0508 Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-79 6.4 Medium2024-02-05
CVE-2024-1092 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-284 4.3 Medium2024-02-05
CVE-2024-1162 Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-352 4.3 Medium2024-02-02
CVE-2024-1047 ThemeIsle SDK <= Various Versions - Missing Authorization — Menu Icons by ThemeIsleCWE-862 5.3 Medium2024-02-02
CVE-2023-7019 LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization — LightStart – Maintenance Mode, Coming Soon and Landing Page BuilderCWE-862 4.3 Medium2024-01-11
CVE-2023-6781 Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & MoreCWE-20 6.4 Medium2024-01-11
CVE-2023-6798 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-862 5.4 Medium2024-01-06
CVE-2023-6801 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Authenticated (Author+) Stored Cross-Site Scripting — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-79 6.4 Medium2024-01-06
CVE-2023-47529 WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure — Cloud Templates & Patterns collectionCWE-200 5.3 Medium2023-11-23
CVE-2023-33927 WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection — Multiple Page Generator Plugin – MPGCWE-89 9.8 -2023-10-31
CVE-2020-36758 RSS Aggregator by Feedzy <= 3.4.2 - Cross-Site Request Forgery Bypass — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-352 4.3 Medium2023-10-20
CVE-2020-36759 Woody code snippets <= 2.3.9 - Cross-Site Request Forgery Bypass — Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer ScriptsCWE-352 4.3 Medium2023-10-20
CVE-2023-4887 Google Maps Plugin by Intergeo <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Google Maps Plugin by IntergeoCWE-79 6.4 Medium2023-09-12
CVE-2023-2607 Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection — Multiple Page Generator Plugin – MPGCWE-89 7.2 High2023-06-09
CVE-2023-2608 Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection — Multiple Page Generator Plugin – MPGCWE-352 3.1 Low2023-05-17
CVE-2023-23708 WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS) — Visualizer: Tables and Charts Manager for WordPressCWE-79 6.5 Medium2023-05-03
CVE-2022-46848 WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS) — Visualizer: Tables and Charts Manager for WordPressCWE-79 6.5 Medium2023-03-28
CVE-2022-47143 WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF) — Multiple Page Generator Plugin – MPGCWE-352 4.3 Medium2023-03-14
CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization — Visualizer: Tables and Charts Manager for WordPressCWE-502 8.8 High2022-07-18

This page lists every published CVE security advisory associated with themeisle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.