← Back

Catchthemes

catchthemes

6 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Darcie
darcie
1 CVE
Create
create
1 CVE
Catch Base
catch_base
1 CVE
Full Frame
full_frame
1 CVE
Catch Dark Mode
catch_dark_mode
1 CVE
Essential Widgets
essential_widgets
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-67543
1Catchthemes
1Essential Widgets
Jan 20, 2026
Dec 9, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a thro...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through <= 2.2.2.Show less
CVE-2025-32154
1Catchthemes
1Catch Dark Mode
Apr 23, 2026
Apr 4, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Cat...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through <= 2.0.1.Show less
CVE-2024-44010
1Catchthemes
1Full Frame
Apr 23, 2026
Oct 6, 2024
N/A· v4
5.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through <= 2.7.2.
CVE-2024-47313
1Catchthemes
1Catch Base
Apr 23, 2026
Oct 6, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through <= 3.4.6.
CVE-2024-47356
1Catchthemes
1Create
Apr 23, 2026
Oct 6, 2024
N/A· v4
5.9 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through <= 2.9.1.
CVE-2023-25961
1Catchthemes
1Darcie
Nov 21, 2024
May 4, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.