GCVE - cpe:2.3:a:themegoods:photome:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:themegoods:photome:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themegoods (`f2142911-7c1b-5431-a8f8-8245a5d1b792`)
Product	Photome (`fc470793-b102-5154-9e83-b6dda09a2dd8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-24949`	vulnerable	2026-06-03 15:16:53.663644	WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS.This issue affects PhotoMe: from n/a through <= 5.7.1. Published: 2026-02-20T15:47:08.290Z Updated: 2026-04-28T16:14:51.260Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Theme/photome/vulnerability/wordpress-photome-theme-5-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-24381`	vulnerable	2026-06-03 15:16:52.381186	WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability MEDIUM (5.4) Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2. Published: 2026-01-22T16:52:46.716Z Updated: 2026-04-28T16:14:48.377Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Theme/photome/vulnerability/wordpress-photome-theme-5-7-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-69301`	vulnerable	2026-06-03 15:11:04.930789	WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability CRITICAL (9.8) Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through <= 5.6.11. Published: 2026-02-20T15:46:46.725Z Updated: 2026-04-28T20:46:33.634Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Theme/photome/vulnerability/wordpress-photome-theme-5-6-11-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.