Themegoods

Products by Themegoods Sorted by Most Security Vulnerabilities since 2018

Themegoods Photography: 6 vulnerabilities
Themegoods Grand Restaurant: 5 vulnerabilities
Themegoods Photome: 3 vulnerabilities
Themegoods Grandblog: 2 vulnerabilities
Themegoods Grandmagazine: 2 vulnerabilities
Themegoods Grandrestaurant: 2 vulnerabilities
Themegoods Grandnews: 1 vulnerability
Themegoods Starto: 1 vulnerability
Themegoods Musico: 1 vulnerability
Themegoods Hoteller: 1 vulnerability
Themegoods Grandwedding: 1 vulnerability
Themegoods Grandtour: 1 vulnerability
Themegoods Grandspa: 1 vulnerability
Themegoods Grandportfolio: 1 vulnerability
Themegoods Altair: 1 vulnerability
Themegoods Grandcarrental: 1 vulnerability
Themegoods Dotlife: 1 vulnerability
Themegoods Craftcoffee: 1 vulnerability
Themegoods Capella: 1 vulnerability
Themegoods Architecturer: 1 vulnerability

By the Year

In 2026 there have been 28 vulnerabilities in Themegoods with an average score of 7.3 out of ten. Last year, in 2025, Themegoods had 8 security vulnerabilities published. That is, 20 more vulnerabilities have already been reported in 2026 than last year. Last year, the average CVE base score was greater by 0.89.

Year | Vulnerabilities | Average Score
2026 | 28 | 7.28
2025 | 8 | 8.17

It may take a day or so for new Themegoods vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Themegoods Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-39635 Apr 08, 2026
ThemeGoods Grand Magazine <=3.5.5: CSRF via grandmagazine
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery. This issue affects Grand Magazine: from n/a through <= 3.5.5.
Grandmagazine
CVE-2026-39632 Apr 08, 2026
ThemeGoods Grand Blog <=3.1 CSRF (grandblog)
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery. This issue affects Grand Blog: from n/a through <= 3.1.
Grandblog
CVE-2026-39633 Apr 08, 2026
CSRF in Grand Car Rental <=3.6.9 (grandcarrental)
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery. This issue affects Grand Car Rental: from n/a through <= 3.6.9.
Grandcarrental
CVE-2026-39634 Apr 08, 2026
CSRF in ThemeGoods Grand Portfolio <= 3.3
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery. This issue affects Grand Portfolio: from n/a through <= 3.3.
Grandportfolio
CVE-2026-39603 Apr 08, 2026
CSRF Vulnerability in ThemeGoods Grand Photography pre5.7.8
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery. This issue affects Grand Photography: from n/a through <= 5.7.8.
Photography
CVE-2026-27043 Mar 19, 2026
ThemeGoods Photography 7.7.5 Unrestricted Upload Path Traversal
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal. This issue affects Photography: from n/a before 7.7.6.
Photography
CVE-2026-27367 Mar 05, 2026
Musico 3.2.4 Reflected XSS in ThemeGoods WordPress Theme
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico allows Reflected XSS. This issue affects Musico: from n/a before 3.4.5.
Musico
CVE-2026-27358 Mar 05, 2026
ThemeGoods Architecturer <=3.8.8 Reflected XSS Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer allows Reflected XSS. This issue affects Architecturer: from n/a before 3.9.5.
Architecturer
CVE-2026-27353 Mar 05, 2026
Grand News XSS Vulnerability <=3.4.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS. This issue affects Grand News: from n/a through <= 3.4.3.
Grandnews
CVE-2026-27352 Mar 05, 2026
WordPress ThemeGoods Starto 2.1.9 Reflected XSS Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto allows Reflected XSS. This issue affects Starto: from n/a before 2.2.5.
Starto
CVE-2026-27348 Mar 05, 2026
WP ThemeGoods Photography <=7.6.1 DOM-Based XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography allows DOM-Based XSS. This issue affects Photography: from n/a before 7.7.6.
Photography
CVE-2026-22417 Mar 05, 2026
Grand Wedding <=3.1.0 Object Injection via Unsafe Deserialization
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection. This issue affects Grand Wedding: from n/a through <= 3.1.0.
Grandwedding
CVE-2026-24949 Feb 20, 2026
PhotoMe <=5.7.1 DOM XSS in photome Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS. This issue affects PhotoMe: from n/a through <= 5.7.1.
Photome
CVE-2026-24943 Feb 20, 2026
Grand Conference <=5.3.4 Reflected XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS. This issue affects Grand Conference: from n/a through <= 5.3.4.
Grandconference
CVE-2025-69370 Feb 20, 2026
Object Injection via Deserialization in Capella <=2.5.5
Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection. This issue affects Capella: from n/a through <= 2.5.5.
Capella
CVE-2025-69301 Feb 20, 2026
Insecure Deserialization in ThemeGoods PhotoMe <=5.6.11 (Untrusted Data)
Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection. This issue affects PhotoMe: from n/a through <= 5.6.11.
Photome
CVE-2026-23542 Feb 19, 2026
Grand Restaurant <=7.0.10: Deserialization Object Injection via grandrestaurant
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection. This issue affects Grand Restaurant: from n/a through <= 7.0.10.
Grandrestaurant
Grand Restaurant
CVE-2026-24961 Feb 03, 2026
CVE-2026-24961: SSRF in ThemeGoods Grand Blog <3.1.5
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through < 3.1.5.
Grandblog
CVE-2026-24381 Jan 22, 2026
SSRF in ThemeGoods PhotoMe <5.7.2
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery. This issue affects PhotoMe: from n/a through < 5.7.2.
Photome
CVE-2025-69320 Jan 22, 2026
ThemeGoods Grand Magazine <=3.5.7 Reflected XSS in grandmagazine
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS. This issue affects Grand Magazine: from n/a through <= 3.5.7.
Grandmagazine
CVE-2025-69321 Jan 22, 2026
ThemeGoods Grand Spa v<=3.5.5 Reflected XSS (grandspa theme)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS. This issue affects Grand Spa: from n/a through <= 3.5.5.
Grandspa
CVE-2025-68518 Jan 22, 2026
Hoteller <6.8.9 (WP Theme) Reflected XSS (CVE-2025-68518)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS. This issue affects Hoteller: from n/a through < 6.8.9.
Hoteller
CVE-2025-68520 Jan 22, 2026
DotLife WP Theme <=4.9.5 Reflected XSS via Unescaped Input
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS. This issue affects DotLife: from n/a through < 4.9.5.
Dotlife
CVE-2025-68538 Jan 22, 2026
CraftCraftCoffee DOM XSS before 2.3.6
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS. This issue affects Craft: from n/a through <= 2.3.6.
Craftcoffee
CVE-2025-68510 Jan 22, 2026
PHP RFI via Include/Require in ThemeGoods Photography <7.7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through < 7.7.5.
Photography
CVE-2025-67952 Jan 22, 2026
WP ThemeGoods Grand Tour <=5.6.2 XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS. This issue affects Grand Tour: from n/a through < 5.6.2.
Grandtour
CVE-2025-63026 Jan 22, 2026
GrandRestaurant-Elementor Stored XSS (<=2.1.1) Input Not Neutralized
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored XSS. This issue affects Grand Restaurant Theme Elements for Elementor: from n/a through <= 2.1.1.
Grandrestaurant Elementor
Grand Restaurant
CVE-2025-67922 Jan 08, 2026
XSS in ThemeGoods Grand Restaurant 7.0.8 WP Theme
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS. This issue affects Grand Restaurant: from n/a through < 7.0.9.
Grandrestaurant
Grand Restaurant
CVE-2025-64217 Dec 18, 2025
ThemeGoods Photography v<=7.7.2 Reflected XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS. This issue affects Photography: from n/a through <= 7.7.2.
Photography
CVE-2025-64224 Nov 06, 2025
Grand Conference Theme XSS via Custom Post Type before 2.6.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS. This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.
Grandconference Custom Post
CVE-2025-60116 Sep 26, 2025
ThemeGoods GrandConf Theme 1.x-2.6.3 Missing Auth (CVE-2025-60116)
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.
CVE-2025-32928 May 19, 2025
Deserialization Object Injection in ThemeGoods Altair <5.2.2
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection. This issue affects Altair: from n/a through 5.2.2.
Altair
CVE-2025-32926 May 19, 2025
Grand Restaurant WP 7.0 Path Traversal Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
Grand Restaurant
CVE-2025-39348 May 19, 2025
Grand Restaurant WP Plugin <=7.0: Object Injection via Deserialization
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
Grand Restaurant
CVE-2025-30964 Apr 15, 2025
EPC Photography SSRF Vulnerability (<=7.5.2)
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery. This issue affects Photography: from n/a through < 7.7.6.
Photography
CVE-2024-12922 Mar 19, 2025
Altair WP theme <5.2.4: auth escalation via missing capability
The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).