Skip to content
Features
Pricing
Solutions
Status
API Details
CLI Scanner
Vulnerabilities
Themes
WordPress
Plugins
Stats
Submit Vulnerabilities
Leaderboard
Resources
Blog
Enterprise Features
How to Install WPScan
WPScan Glossary
2024 Website Threat Report
Search
WordPress Theme Vulnerabilities
Show Previous Letters
0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Show Next Letters
Slug
Published
Title
Slug
ask-me
Published
2022-05-16
Title
Ask Me < 6.8.2 - Reflected Cross-Site Scripting
Slug
ask-me
Published
2022-05-16
Title
Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
Slug
ask-me
Published
2022-08-01
Title
Ask Me < 6.8.4 - CSRF in Edit Profile
Slug
askka
Published
2026-03-03
Title
Askka <= 1.0 - Unauthenticated Local File Inclusion
Slug
askka
Published
2026-04-08
Title
Askka - Candle Shop WordPress Theme < 1.4 - Unauthenticated PHP Object Injection
Slug
assembly
Published
2025-09-02
Title
Assembly <= 1.1 - Unauthenticated Local File Inclusion
Slug
astore
Published
2022-02-14
Title
Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify
Slug
astra
Published
2024-03-25
Title
Astra < 4.6.9 - Contributor+ Stored XSS
Slug
astra
Published
2024-03-25
Title
Astra < 4.6.5 - Editor+ Stored XSS via Theme Header/Footer
Slug
astra
Published
2026-03-10
Title
Astra < 4.12.4 - Contributor+ Stored XSS via Post Meta
Slug
atahualpa
Published
2017-03-01
Title
Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)
Slug
atahualpa
Published
2011-09-27
Title
Atahualpa < 3.6.8 - XSS
Slug
athens
Published
2026-01-08
Title
Athens <= 1.1.6 - Unauthenticated Local File Inclusion
Slug
athos
Published
2025-09-02
Title
Athos <= 1.9 - Unauthenticated Local File Inclusion
Slug
atlas
Published
2026-01-07
Title
Atlas <= 2.1.0 - Unauthenticated Local File Inclusion
Slug
atlast-business
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
atomlab
Published
2026-04-20
Title
Atomlab < 2.4.6 - Unauthenticated Local File Inclusion
Slug
attire
Published
2024-08-30
Title
Attire < 2.0.7 - Authenticated (Contributor+) PHP Object Injection
Slug
attorney
Published
2022-10-30
Title
Attorney <= 3 - Unauthenticated Arbitrary Page/Post Deletion
Slug
attorney
Published
2023-10-02
Title
Attorney <= 3 - Reflected XSS
Slug
au-pair-agency
Published
2026-03-04
Title
Au Pair Agency - Babysitting & Nanny Theme <= 1.2.2 - Unauthenticated PHP Object Injection
Slug
auberge
Published
2015-05-12
Title
Auberge Theme <= 1.4.4 - DOM Cross-Site Scripting (XSS)
Slug
auramart
Published
2025-03-24
Title
AuraMart <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Slug
aurum-minimalist-shopping-theme
Published
2025-01-06
Title
Aurum - WordPress & WooCommerce Shopping Theme < 4.0.3 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import
Slug
authentic
Published
2015-03-03
Title
Authentic Theme - Arbitrary File Download
Previous
4
5
6
7
8
Next
Subscribe
Subscribed
WPScan
Join 30,895 other subscribers
Sign me up
Already have a WordPress.com account?
Log in now.
WPScan
Subscribe
Subscribed
Sign up
Log in
Report this content
View site in Reader
Manage subscriptions
Collapse this bar
WPScan 