WordPress Theme Vulnerabilities

Slug
Published
Title
Slug
f8-lite
Published
2011-09-27
Title
F8 Lite < 4.2.2 - XSS
Slug
fabric
Published
2025-08-19
Title
Fabric <= 1.5.0 - Unauthenticated Local File Inclusion
Slug
fabrica
Published
2025-08-19
Title
Fabrica <= 1.8.1 - Unauthenticated Local File Inclusion
Slug
faith-hope
Published
2025-09-04
Title
Faith & Hope <= 2.13.0 - Unauthenticated Local File Inclusion
Slug
famita
Published
2025-08-30
Title
Famita < 1.55.1 - Unauthenticated Local File Inclusion
Slug
famous
Published
2014-08-01
Title
Famous 2.0.5 - Shell Upload
Slug
fana
Published
2025-06-11
Title
Fana < 1.1.29 - Unauthenticated Local File Inclusion
Slug
fana
Published
2025-12-28
Title
Fana < 1.1.36 - Authenticated (Contributor+) Local File Inclusion
Slug
farmagrico
Published
2025-09-04
Title
Farm Agrico <= 1.3.11 - Unauthenticated Local File Inclusion
Slug
fashion2
Published
2025-12-15
Title
Fashion < 5.3.0 - Authenticated (Contributor+) Local File Inclusion
Slug
fashionable-store
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
fashstore
Published
2021-10-13
Title
Backdoored Plugins & Themes from AccessPress Themes
Slug
feather12
Published
2014-08-01
Title
Feather12 - Multiple Script Direct Request Path Disclosure
Slug
felan-framework
Published
2025-10-15
Title
Felan Framework < 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions
Slug
felan-framework
Published
2025-10-15
Title
Felan Framework < 1.1.5 - Hardcoded Credentials
Slug
felici
Published
2014-08-01
Title
felici - XSS
Slug
felici
Published
2014-08-01
Title
felici - Custom Background Shell Upload
Slug
femme
Published
2025-09-04
Title
Femme <= 1.3.11 - Unauthenticated Local File Inclusion
Slug
festy
Published
2025-08-23
Title
Festy <= 1.13.0 - Unauthenticated Local File Inclusion
Slug
fifteen
Published
2022-02-14
Title
Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify
Slug
filmix
Published
2024-08-29
Title
Filmix <= 1.1 - Reflected Cross-Site Scripting
Slug
finance
Published
2025-05-21
Title
Finance Consultant <= 2.8 - Authenticated (Subscriber+) PHP Object Injection
Slug
financio
Published
2024-04-25
Title
Financio < 1.1.4 - Cross-Site Request Forgery to Notice Dismissal
Slug
findeo
Published
2021-03-31
Title
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Slug
findeo
Published
2021-03-31
Title
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR