WordPress Theme Vulnerabilities

Slug
Published
Title
Slug
f8-lite
Published
2011-09-27
Title
F8 Lite < 4.2.2 - XSS
Slug
famita
Published
2025-08-30
Title
Famita < 1.55.1 - Unauthenticated Local File Inclusion
Slug
famous
Published
2014-08-01
Title
Famous 2.0.5 - Shell Upload
Slug
fana
Published
2025-06-11
Title
Fana < 1.1.29 - Unauthenticated Local File Inclusion
Slug
fashionable-store
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
fashstore
Published
2021-10-13
Title
Backdoored Plugins & Themes from AccessPress Themes
Slug
feather12
Published
2014-08-01
Title
Feather12 - Multiple Script Direct Request Path Disclosure
Slug
felan-framework
Published
2025-10-15
Title
Felan Framework < 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions
Slug
felan-framework
Published
2025-10-15
Title
Felan Framework < 1.1.5 - Hardcoded Credentials
Slug
felici
Published
2014-08-01
Title
felici - XSS
Slug
felici
Published
2014-08-01
Title
felici - Custom Background Shell Upload
Slug
fifteen
Published
2022-02-14
Title
Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify
Slug
filmix
Published
2024-08-29
Title
Filmix <= 1.1 - Reflected Cross-Site Scripting
Slug
finance
Published
2025-05-21
Title
Finance Consultant <= 2.8 - Authenticated (Subscriber+) PHP Object Injection
Slug
financio
Published
2024-04-25
Title
Financio < 1.1.4 - Cross-Site Request Forgery to Notice Dismissal
Slug
findeo
Published
2021-03-31
Title
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Slug
findeo
Published
2021-03-31
Title
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
Slug
findgo
Published
2020-07-13
Title
Findgo - Directory Listing < 1.3.32 - Unauthenticated Reflected and Authenticated Stored XSS
Slug
findgo
Published
2025-08-14
Title
Findgo < 1.3.58 - Cross-Site Request Forgery
Slug
findus
Published
2020-07-13
Title
Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS
Slug
fingo
Published
2025-09-22
Title
Findgo <= 1.3.55 - Cross-Site Request Forgery
Slug
fioxen
Published
2025-01-06
Title
Multiple Themes by gavias - Reflected XSS
Slug
fire-blog
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
fish-house
Published
2025-05-21
Title
Fish House <= 1.2.7 - Unauthenticated PHP Object Injection
Slug
fitness-park
Published
2025-06-19
Title
Fitness Park <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting