Skip to content
Features
Pricing
Solutions
Status
API Details
CLI Scanner
Vulnerabilities
Themes
WordPress
Plugins
Stats
Submit Vulnerabilities
Leaderboard
Resources
Blog
Enterprise Features
How to Install WPScan
WPScan Glossary
2024 Website Threat Report
Search
WordPress Theme Vulnerabilities
Show Previous Letters
0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Show Next Letters
Slug
Published
Title
Slug
alone
Published
2025-07-16
Title
Alone <= 7.8.3 - Unauthenticated Remote Code Execution
Slug
altair
Published
2025-03-18
Title
Altair < 5.2.5 - Unauthenticated Arbitrary Options Update via pp_import_current
Slug
altair
Published
2025-04-21
Title
Altair <= 5.2.2 - Unauthenticated PHP Object Injection
Slug
althea-wp
Published
2024-04-26
Title
ColibriWP Theme framework - Various Versions and Themes - Missing Authorization
Slug
ambience
Published
2013-06-09
Title
Ambience Theme <= 1.0 - Cross-Site Scripting (XSS)
Slug
amela
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Slug
amela
Published
2023-07-17
Title
Multiple DeoThemes Themes - Reflected Cross-Site Scripting
Slug
amela
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
amely
Published
2025-06-23
Title
Amely < 3.2.0 - Unauthenticated SQL Injection
Slug
amoveo
Published
2014-08-01
Title
Amoveo - Arbitrary File Upload
Slug
amplus
Published
2014-08-01
Title
Amplus - CSRF
Slug
amwerk
Published
2025-07-01
Title
Amwerk < 1.3.0 - Unauthenticated PHP Object Injection
Slug
anand
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
andyblue
Published
2007-06-15
Title
Andyblue < 20070607 - XSS
Slug
anfaust
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
angel
Published
2025-11-12
Title
Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Slug
anih
Published
2024-11-08
Title
Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting
Slug
anima
Published
2024-06-25
Title
Anima < 1.4.1.1 - Contributor+ Stored XSS
Slug
anthology
Published
2014-08-01
Title
Anthology - Remote File Upload
Slug
antioch
Published
2016-03-03
Title
Antioch Theme - Arbitrary File Download
Slug
antisnews
Published
2011-09-27
Title
Antisnews < 1.10 - XSS
Slug
antreas
Published
2020-10-01
Title
Multiple Themes - Unauthenticated Function Injection
Slug
anywhere-elementor-pro
Published
2025-05-16
Title
AnyWhere Elementor Pro <= 2.29 - Missing Authorization
Slug
aora
Published
2025-06-11
Title
Aora < 1.3.10 - Unauthenticated Local File Inclusion
Slug
aplite
Published
2021-10-13
Title
Backdoored Plugins & Themes from AccessPress Themes
Previous
1
2
3
4
5
Next
Subscribe
Subscribed
WPScan
Join 30,431 other subscribers
Sign me up
Already have a WordPress.com account?
Log in now.
WPScan
Subscribe
Subscribed
Sign up
Log in
Report this content
View site in Reader
Manage subscriptions
Collapse this bar
WPScan 