Approved changes feed: RSS · Atom

cpe:2.3:a:liquidthemes:ai_hub_-_startup_&_technology_wordpress_theme:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorLiquidthemes (7397bd2d-408a-52fc-9769-2db8f4c0555e)
ProductAi Hub Startup & Technology Wordpress Theme (44e11e3b-156d-5338-9917-9b378b862343)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-1093 vulnerable 2026-06-08 07:06:36.909114 AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image
CRITICAL (9.8)
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-04-19T03:21:23.357Z
Updated: 2026-04-08T16:34:31.588Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0951 vulnerable 2026-06-08 07:02:26.029812 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
MEDIUM (4.3)
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate all of a site's plugins. While we escalated this to Envato after not being able to establish contact, it appears the developer added a nonce check, however that is not sufficient protection as the nonce is exposed to all users with access to the dashboard.
Published: 2025-08-28T03:42:43.495Z
Updated: 2026-04-08T16:32:21.073Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.