WordPress Theme vulnerabilities | Page 3 | WPScan

0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z

Slug

Published

2023-07-18

Title

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Slug

Published

2024-03-29

Title

Nictitate <= 1.1.4 - Cross-Site Request Forgery

Slug

Published

2014-08-01

Title

Nightlife by Templatic - CSRF File Upload

Slug

Published

2025-06-11

Title

Nika < 1.2.9 - Unauthenticated Local File Inclusion

Slug

Published

2025-12-23

Title

Nika < 1.2.15 - Authenticated (Contributor+) Local File Inclusion

Slug

Published

2026-02-11

Title

Nika < 1.2.15 - Unauthenticated Local File Inclusion

Slug

Published

2024-10-22

Title

Nioland < 1.2.7 - Reflected Cross-Site Scripting via s

Slug

Published

2024-08-29

Title

Nirvana <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Slug

Published

2026-02-26

Title

Nirvana <= 2.6 - Unauthenticated Local File Inclusion

Slug

Published

2025-07-08

Title

Noisa < 2.6.2 - Authenticated (Subscriber+) PHP Object Injection

Slug

Published

2025-10-10

Title

Noisa < 2.6.3 - Unauthenticated PHP Object Injection

Slug

Published

2022-02-28

Title

Unauthorised AJAX Calls via Freemius

Slug

Published

2023-07-17

Title

Multiple DeoThemes Themes - Reflected Cross-Site Scripting

Slug

Published

2023-07-18

Title

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Slug

Published

2023-08-14

Title

Multiple Themes - Reflected XSS

Slug

Published

2025-02-28

Title

Nokri < 1.6.3 - Unauthenticated Arbitrary Password Change

Slug

Published

2025-07-11

Title

Nokri < 1.6.4 - Subscriber+ Privilege Escalation

Slug

Published

2025-09-22

Title

Nokri <= 1.6.4 - Cross-Site Request Forgery

Slug

Published

2026-02-16

Title

CitiLights < 3.7.2 - Missing Authorization

Slug

Published

2026-03-16

Title

Support for CitiLights - Real Estate WordPress Theme < 3.7.2 - Reflected Cross-Site Scripting

Slug

Published

2026-03-16

Title

Support for CitiLights - Real Estate WordPress Theme < 3.7.2 - Authenticated (Subscriber+) PHP Object Injection

Slug

Published

2019-10-24

Title

JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting

Slug

Published

2020-09-21

Title

JobMonster < 4.6.6.1 - Directory Listing in Upload Folder

Slug

Published

2024-07-09

Title

Jobmonster < 4.7.6 - Unauthenticated Privilege Escalation

Slug

Published

2024-07-09

Title

Jobmonster < 4.7.5 - Unauthenticated Arbitrary File Deletion

Previous
1
2
3
4
5
Next