Ai Hub Startup & Technology Wordpress Theme
Approved changes feed: RSS · Atom
cpe:2.3:a:liquidthemes:ai_hub_-_startup_&_technology_wordpress_theme:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Liquidthemes (7397bd2d-408a-52fc-9769-2db8f4c0555e) |
|---|---|
| Product | Ai Hub Startup & Technology Wordpress Theme (44e11e3b-156d-5338-9917-9b378b862343) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-1093 |
vulnerable | 2026-06-08 07:06:36.909114 |
AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image
CRITICAL (9.8)
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-04-19T03:21:23.357Z
Updated: 2026-04-08T16:34:31.588Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0951 |
vulnerable | 2026-06-08 07:02:26.029812 |
LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
MEDIUM (4.3)
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate all of a site's plugins. While we escalated this to Envato after not being able to establish contact, it appears the developer added a nonce check, however that is not sufficient protection as the nonce is exposed to all users with access to the dashboard.
Published: 2025-08-28T03:42:43.495Z
Updated: 2026-04-08T16:32:21.073Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.