Skip to content
Features
Pricing
Solutions
Status
API Details
CLI Scanner
Vulnerabilities
Themes
WordPress
Plugins
Stats
Submit Vulnerabilities
Leaderboard
Resources
Blog
Enterprise Features
How to Install WPScan
WPScan Glossary
2024 Website Threat Report
Search
WordPress Theme Vulnerabilities
Show Previous Letters
0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Show Next Letters
Slug
Published
Title
Slug
aldo
Published
2026-03-02
Title
Aldo <= 1.0.10 - Unauthenticated Local File Inclusion
Slug
algenix
Published
2025-09-02
Title
Algenix <= 1.0 - Unauthenticated Local File Inclusion
Slug
allegiant
Published
2020-10-01
Title
Multiple Themes - Unauthenticated Function Injection
Slug
allegiant
Published
2024-08-16
Title
Allegiant <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Slug
alliance
Published
2026-02-23
Title
Alliance <= 3.1.1 - Unauthenticated Local File Inclusion
Slug
alloggio
Published
2025-03-30
Title
Alloggio - Hotel Booking <= 1.8 - Unauthenticated Local File Inclusion
Slug
alloggio
Published
2026-04-08
Title
Alloggio - Hotel Booking WordPress Theme < 2.1.3 - Unauthenticated PHP Object Injection
Slug
alltuts
Published
2014-08-01
Title
Site5 Wordpress Themes Email Spoofing
Slug
allure-real-estate-theme-for-placester
Published
2014-08-01
Title
allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf
Slug
allure-real-estate-theme-for-real-estate
Published
2014-08-01
Title
allure-real-estate-theme-for-real-estate <= 0.1.1 - XSS in ZeroClipboard.swf
Slug
almera
Published
2015-05-15
Title
ThemeMakers Themes - Information Disclosure
Slug
alone
Published
2025-07-01
Title
Alone < 7.8.5 - Unauthenticated Remote Code Execution
Slug
alone
Published
2025-07-14
Title
Alone – Charity Multipurpose Non-profit WordPress Theme < 7.8.7 - Missing Authorization to Unauthenticated Arbitrary File Deletion
Slug
alone
Published
2025-07-14
Title
Alone – Charity Multipurpose Non-profit WordPress Theme < 7.8.5 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
Slug
alone
Published
2025-07-16
Title
Alone <= 7.8.3 - Unauthenticated Remote Code Execution
Slug
alright
Published
2025-09-02
Title
Alright <= 1.6.1 - Unauthenticated Local File Inclusion
Slug
altair
Published
2025-03-18
Title
Altair < 5.2.5 - Unauthenticated Arbitrary Options Update via pp_import_current
Slug
altair
Published
2025-04-21
Title
Altair <= 5.2.2 - Unauthenticated PHP Object Injection
Slug
althea-wp
Published
2024-04-26
Title
ColibriWP Theme framework - Various Versions and Themes - Missing Authorization
Slug
alukas
Published
2026-04-22
Title
Alukas < 3.0.0 - Unauthenticated PHP Object Injection
Slug
ambience
Published
2013-06-09
Title
Ambience Theme <= 1.0 - Cross-Site Scripting (XSS)
Slug
amela
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Slug
amela
Published
2023-07-17
Title
Multiple DeoThemes Themes - Reflected Cross-Site Scripting
Slug
amela
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
amely
Published
2025-06-23
Title
Amely < 3.2.0 - Unauthenticated SQL Injection
Previous
1
2
3
4
5
Next
Subscribe
Subscribed
WPScan
Join 30,895 other subscribers
Sign me up
Already have a WordPress.com account?
Log in now.
WPScan
Subscribe
Subscribed
Sign up
Log in
Report this content
View site in Reader
Manage subscriptions
Collapse this bar
WPScan 