Discover Xolo Leap: All the essential features and services modern solopreneurs need to run a borderless business. Run an EU business from anywhere on the planet!
Be informed about the latest WordPress / WooCommerce theme vulnerabilities, identified and reported publicly. With WP Theme CVE JUN 2024, the consequences of a hack are ugly. You will experience major backlash on your domain, costly damage control/recovery, immediate revenue loss with long-term consequences.
It is a -61% DECREASE compared to previous month, as specifically targeted vulnerabilities in WordPress Themes. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WordPress Themes – OR – Hire professionals for a managed Theme migration.
TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific vulnerability.
CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.
As these files from publicly reported vulnerable themes are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP Theme CVE JUN 2024 category:
| Blocksy Theme | Cross-Site Scripting (XSS) |
| Blocksy Theme | Cross-Site Scripting (XSS) |
| ChaosTheory Theme | Cross-Site Scripting (XSS) |
| Consus Theme | Cross-Site Request Forgery (CSRF) |
| Crafthemes Demo Import | Arbitrary Plugin Installation (BAC) |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) via slitems Attribute |
| Divi Theme | DOM-Based Cross-Site Scripting (XSS) |
| Edge Theme | Cross-Site Scripting (XSS) |
| EmpowerWP Theme | Cross-Site Request Forgery (CSRF) |
| Extra Theme | DOM-Based Cross-Site Scripting (XSS) |
| Himalayas Theme | Cross-Site Scripting (XSS) |
| Ketos Theme | Cross-Site Request Forgery (CSRF) |
| Menu Icons by ThemeIsle | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Mindscape Theme | Cross-Site Request Forgery (CSRF) |
| Niveau Theme | Cross-Site Request Forgery (CSRF) |
| Oasis Theme | Cross-Site Request Forgery (CSRF) |
| Porto Theme | Local File Inclusion (LFi) via Post Meta |
| Porto Theme | Unauthenticated Local File Inclusion (LFi) via porto_ajax_posts |
| Porto Theme - Functionality | - Local File Inclusion (LFi) via Shortcode/post meta |
| raindrops Theme | Cross-Site Scripting (XSS) |
| Restaurant and Cafe Theme | Cross-Site Request Forgery (CSRF) |
| Skyline WP Theme | Cross-Site Request Forgery (CSRF) |
| Stockholm Theme | Local File Inclusion (LFi) |
| Stockholm Theme | Unauthenticated Local File Inclusion (LFi) |
| Zeka Theme | Cross-Site Request Forgery (CSRF) |
| WordPress Theme CVE reported in 2023: | 220 |
| WordPress Theme CVE reported in 2024: | 134 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.
