Skip to content
Features
Pricing
Solutions
Status
API Details
CLI Scanner
Vulnerabilities
Themes
WordPress
Plugins
Stats
Submit Vulnerabilities
Leaderboard
Resources
Blog
Enterprise Features
How to Install WPScan
WPScan Glossary
2024 Website Threat Report
Search
WordPress Theme Vulnerabilities
Show Previous Letters
0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Show Next Letters
Slug
Published
Title
Slug
f8-lite
Published
2011-09-27
Title
F8 Lite < 4.2.2 - XSS
Slug
famous
Published
2014-08-01
Title
Famous 2.0.5 - Shell Upload
Slug
fashionable-store
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
fashstore
Published
2021-10-13
Title
Backdoored Plugins & Themes from AccessPress Themes
Slug
feather12
Published
2014-08-01
Title
Feather12 - Multiple Script Direct Request Path Disclosure
Slug
felici
Published
2014-08-01
Title
felici - XSS
Slug
felici
Published
2014-08-01
Title
felici - Custom Background Shell Upload
Slug
fifteen
Published
2022-02-14
Title
Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify
Slug
financio
Published
2024-04-25
Title
Financio < 1.1.4 - Cross-Site Request Forgery to Notice Dismissal
Slug
findeo
Published
2021-03-31
Title
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Slug
findeo
Published
2021-03-31
Title
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
Slug
findgo
Published
2020-07-13
Title
Findgo - Directory Listing < 1.3.32 - Unauthenticated Reflected and Authenticated Stored XSS
Slug
findus
Published
2020-07-13
Title
Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS
Slug
fire-blog
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
flashlight
Published
2014-08-01
Title
Flashlight - Unspecified XSS
Slug
flashnews
Published
2014-08-01
Title
Flash News - Multiple Vulnerabilities
Slug
flashy
Published
2015-03-26
Title
Flashy Theme <= 1.3 - Cross-Site Scripting (XSS)
Slug
flatsome
Published
2023-04-25
Title
Flatsome < 3.17.0 - Reflected XSS
Slug
flatsome
Published
2023-09-05
Title
Flatsome < 3.17.6 - Unauthenticated PHP Object Injection
Slug
focusblog
Published
2021-03-24
Title
All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
Slug
focusblog
Published
2021-03-24
Title
All Thrive Themes and Plugins - Unauthenticated Option Update
Slug
folo
Published
2014-08-01
Title
Folo - Cross Site Scripting
Slug
foodbakery
Published
2020-08-05
Title
FoodBakery < 2.0 - Unauthenticated Reflected XSS
Slug
foodbakery
Published
2021-06-14
Title
FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
Slug
footysquare
Published
2022-12-29
Title
Multiple themes - Unauthenticated Arbitrary File Upload
Previous
1
2
Next
Subscribe
Subscribed
WPScan
Join 30,699 other subscribers
Sign me up
Already have a WordPress.com account?
Log in now.
WPScan
Edit Site
Subscribe
Subscribed
Sign up
Log in
Report this content
View site in Reader
Manage subscriptions
Collapse this bar