Skip to content
Features
Pricing
Solutions
Status
API Details
CLI Scanner
Vulnerabilities
Themes
WordPress
Plugins
Stats
Submit Vulnerabilities
Leaderboard
Resources
Blog
Enterprise Features
How to Install WPScan
WPScan Glossary
2024 Website Threat Report
Search
WordPress Theme Vulnerabilities
Show Previous Letters
0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Show Next Letters
Slug
Published
Title
Slug
newsy
Published
2025-04-01
Title
Multiple Themify Themes - Contributor+ Arbitrary File Upload
Slug
nexio
Published
2026-05-26
Title
Nexio <= 1.10.0 - Unauthenticated Local File Inclusion
Slug
nexos
Published
2019-09-08
Title
Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS
Slug
nexos
Published
2020-06-28
Title
Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection
Slug
nexter
Published
2023-10-12
Title
Nexter < 2.0.4 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'
Slug
nexter
Published
2023-10-12
Title
Nexter < 2.0.4 - Missing Authorization
Slug
ngo-charity-lite
Published
2022-02-14
Title
Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify
Slug
nichebase
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Slug
nichebase
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
nictitate
Published
2024-03-29
Title
Nictitate <= 1.1.4 - Cross-Site Request Forgery
Slug
nifty
Published
2026-06-12
Title
Nifty < 1.4.2 - Unauthenticated PHP Object Injection
Slug
nightlife
Published
2014-08-01
Title
Nightlife by Templatic - CSRF File Upload
Slug
nika
Published
2025-06-11
Title
Nika < 1.2.9 - Unauthenticated Local File Inclusion
Slug
nika
Published
2025-12-23
Title
Nika < 1.2.15 - Authenticated (Contributor+) Local File Inclusion
Slug
nika
Published
2026-02-11
Title
Nika < 1.2.15 - Unauthenticated Local File Inclusion
Slug
nioland
Published
2024-10-22
Title
Nioland < 1.2.7 - Reflected Cross-Site Scripting via s
Slug
nirvana
Published
2024-08-29
Title
Nirvana <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Slug
nirvana
Published
2026-02-26
Title
Nirvana <= 2.6 - Unauthenticated Local File Inclusion
Slug
noisa
Published
2025-07-08
Title
Noisa < 2.6.2 - Authenticated (Subscriber+) PHP Object Injection
Slug
noisa
Published
2025-10-10
Title
Noisa < 2.6.3 - Unauthenticated PHP Object Injection
Slug
nokke
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Slug
nokke
Published
2023-07-17
Title
Multiple DeoThemes Themes - Reflected Cross-Site Scripting
Slug
nokke
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
nokke
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
nokri
Published
2025-02-28
Title
Nokri < 1.6.3 - Unauthenticated Arbitrary Password Change
Previous
1
2
3
4
5
Next
Subscribe
Subscribed
WPScan
Join 30,625 other subscribers
Sign me up
Already have a WordPress.com account?
Log in now.
WPScan
Subscribe
Subscribed
Sign up
Log in
Report this content
View site in Reader
Manage subscriptions
Collapse this bar