Dream-theme The7 — Website And Ecommerce Builder For Wordpress
4 CVEs affecting Dream-theme The7 — Website And Ecommerce Builder For Wordpress. Latest disclosed: 2026-05-15. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6646 | Medium | 6.4 | 2026-05-15 | The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. T… |
CVE-2025-11897 | Medium | 6.4 | 2025-10-25 | The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ the7_fancy_title_css’ paramet… |
CVE-2025-7726 | Medium | 6.4 | 2025-08-09 | The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to i… |
CVE-2024-5451 | Medium | 6.4 | 2024-06-25 | The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plug… |