WordPress Theme vulnerabilities | Page 3 | WPScan

0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z

Slug

Published

2025-01-13

Title

Homey <= 2.4.1 - Authenticated (Subscriber+) Privilege Escalation

Slug

Published

2025-03-04

Title

Homey < 2.4.3 - Unauthenticated Privilege Escalation in homey_save_profile

Slug

Published

2025-03-06

Title

Homey < 2.4.4 - Cross-Site Request Forgery to User Verification

Slug

Published

2025-03-06

Title

Homey < 2.4.4 - Limited Authentication Bypass

Slug

Published

2025-05-01

Title

Homey - Booking and Rentals WordPress Theme < 2.4.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion

Slug

Published

2025-05-01

Title

Homey - Booking and Rentals WordPress Theme < 2.4.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion

Slug

Published

2025-06-26

Title

Homey <= 2.4.5 - Reflected Cross-Site Scripting

Slug

Published

2025-06-24

Title

Homey <= 2.4.5 - Unauthenticated SQL Injection

Slug

Published

2022-02-14

Title

Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify

Slug

Published

2026-02-25

Title

Honor | Shooting Club & Weapon and Gun Store Theme <= 2.3 - Unauthenticated Local File Inclusion

Slug

Published

2026-02-25

Title

Horizon <= 1.1 - Unauthenticated Local File Inclusion

Slug

Published

2025-02-18

Title

Hostiko - Hosting WordPress & WHMCS Theme < 30.1 - Unauthenticated Local File Inclusion

Slug

Published

2025-02-18

Title

Hostiko - Hosting WordPress & WHMCS Theme < 30.1 - Reflected Cross-Site Scripting

Slug

Published

2026-01-20

Title

Hostiko < 94.3.6 - Unauthenticated Stored Cross-Site Scripting

Slug

Published

2026-01-13

Title

Hostme v2 <= 7.0 - Unauthenticated Arbitrary File Deletion

Slug

Published

2024-08-29

Title

Hotel Galaxy <= 4.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

Slug

Published

2023-07-18

Title

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Slug

Published

2026-01-20

Title

Hoteller < 6.8.9 - Reflected Cross-Site Scripting

Slug

Published

2025-05-16

Title

HotStar – Multi-Purpose Business Theme <= 1.4 - Missing Authorization

Slug

Published

2025-05-19

Title

HotStar – Multi-Purpose Business Theme <= 1.4 - Unauthenticated PHP Object Injection

Slug

Published

2020-01-11

Title

Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)

Slug

Published

2024-08-12

Title

Houzez < 3.2.5 - Reflected Cross-Site Scripting

Slug

Published

2024-09-17

Title

Houzez < 3.3.0 - Subscriber+ Privilege Escalation

Slug

Published

2025-01-24

Title

Houzez < 3.4.2 - Missing Authorization

Slug

Published

2025-01-21

Title

Houzez < 3.4.2 - Missing Authorization