VYPR
Vendor

designthemes

Products
20
CVEs
14
Across products
14
Status
Private

Products

20

Recent CVEs

14
  • CVE-2026-22473HigMar 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.

  • CVE-2025-69002HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.

  • CVE-2025-68899HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.

  • CVE-2025-67619HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.01

    Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.

  • CVE-2025-60212HigOct 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2.

  • CVE-2025-32283HigOct 22, 2025
    risk 0.57cvss 8.8epss 0.01

    Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5.

  • CVE-2025-31634HigOct 22, 2025
    risk 0.57cvss 8.8epss 0.01

    Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5.

  • CVE-2026-27386HigMar 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through <= 1.8.

  • CVE-2024-13471HigMar 5, 2025
    risk 0.49cvss 7.5epss 0.01

    The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read…

  • CVE-2025-53423HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Triss triss allows Reflected XSS.This issue affects Triss: from n/a through <= 2.6.

  • CVE-2025-31072HigJul 16, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme ofiz allows Reflected XSS.This issue affects Ofiz - WordPress Business Consulting Theme: from n/a through <= 2.0.

  • CVE-2025-68982MedDec 30, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.

  • CVE-2025-68981MedDec 30, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.

  • CVE-2025-68980MedDec 30, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.