WP Theme CVE AUG 2024: 47 Premium Hack risk

Be informed about the latest WordPress / WooCommerce theme vulnerabilities, identified and reported publicly. WP Theme CVE AUG 2024 is a -20% DECREASE compared to previous month, as specifically targeted Theme vulnerabilities.

With WP Theme CVE AUG 2024, the consequences of a hack are ugly. You will experience major backlash on your domain, costly damage control/recovery, immediate revenue loss with long-term consequences. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WordPress Themes – OR – Hire professionals for a managed Theme migration.

What is CVE?

TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific vulnerability.

CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.

WP Theme CVE AUG 2024

As these files from publicly reported vulnerable themes are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP Theme CVE AUG 2024 category:

Ashe Theme	Cross-Site Request Forgery (CSRF)
Bakes And Cakes Theme	Broken Access Control (BAC) on Notice Dismissal
Bard Theme	Cross-Site Request Forgery (CSRF)
Basil Theme	Cross-Site Scripting (XSS)
Blocksy Theme	Cross-Site Request Forgery (CSRF)
BookYourTravel Theme	Privilege Escalation (BAC)
Boot Store Theme	Cross-Site Scripting (XSS) via Button Shortcode
BuddyBoss Theme Theme	Cross-Site Request Forgery (CSRF)
Business One Page Theme	Broken Access Control (BAC) on Notice Dismissal
Construction Landing Page Theme	Cross-Site Request Forgery (CSRF)
counterpoint Theme	Cross-Site Scripting (XSS)
CoziPress Theme	Cross-Site Scripting (XSS)
Edubin Theme	Server-Side Request Forgery (SSRF)
Goya Theme	Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters
Hestia Theme	Cross-Site Request Forgery (CSRF)
Highlight Theme	Cross-Site Request Forgery (CSRF)
Himalayas Theme	Cross-Site Scripting (XSS)
Himer Theme	Cross-Site Scripting (XSS)
Himer Theme	Multiple Cross-Site Request Forgery (CSRF)
Houzez Theme Functionality	SQL Injection (SQLi)
iamaze Theme	Cross-Site Request Forgery (CSRF)
itransform Theme	Cross-Site Request Forgery (CSRF)
Jobmonster Theme	Unauthenticated Arbitrary File Deletion (BAC)
Jobmonster Theme	Unauthenticated Privilege Escalation (BAC)
Lawyer Landing Page Theme	Cross-Site Request Forgery (CSRF)
ListingPro Theme	Cross-Site Request Forgery (CSRF) to Account Takeover
ListingPro Theme	Local File Inclusion (LFi)
ListingPro Theme	Unauthenticated SQL Injection (SQLi)
Metro Magazine Theme	Broken Access Control (BAC) on Notice Dismissal
Newsmatic Theme	Broken Access Control (BAC)
Oceanic Theme	Cross-Site Request Forgery (CSRF)
OnePress Theme	Cross-Site Scripting (XSS)
Patricia Blog Theme	Cross-Site Request Forgery (CSRF)
Patricia Lite Theme	Cross-Site Request Forgery (CSRF)
Point Theme	Cross-Site Request Forgery (CSRF)
Popularis Verse Theme	Cross-Site Request Forgery (CSRF)
Posterity Theme	Cross-Site Request Forgery (CSRF)
Rara Business Theme	Cross-Site Request Forgery (CSRF)
Responsive Mobile Theme	Cross-Site Scripting (XSS)
Rife Free Theme	Cross-Site Request Forgery (CSRF)
SmartMag Theme	Private Data Exposure via Log File
SociallyViral Theme	Cross-Site Request Forgery (CSRF)
Trendy News Theme	Cross-Site Request Forgery (CSRF)
Woffice Theme	Cross-Site Scripting (XSS)
WS Theme Addons	Malicious polyfill.io Embed
zBench Theme	Cross-Site Scripting (XSS)
Zenon Lite Theme	Cross-Site Scripting (XSS) via Button Shortcode

WordPress Theme CVE reported in 2023:	220
WordPress Theme CVE reported in 2024:	240