WordPress Theme Vulnerabilities

Slug
Published
Title
Slug
pinevale
Published
2025-08-04
Title
Pinevale <= 1.0.14 - Unauthenticated Local File Inclusion
Slug
pinfinity
Published
2017-09-12
Title
Pinfinity Theme < 2.0 - Reflected Cross-site Scripting (XSS)
Slug
pinzolo
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
pippo
Published
2025-12-30
Title
Pippo <= 1.2.3 - Unauthenticated Local File Inclusion
Slug
piqes
Published
2025-12-31
Title
Piqes <= 1.0.11 - Unauthenticated Local File Inclusion
Slug
pisole
Published
2025-01-06
Title
Multiple Themes by gavias - Reflected XSS
Slug
pixgraphy
Published
2024-06-06
Title
Pixgraphy < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Slug
pixigo
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
pixiv-custom
Published
2011-09-27
Title
Pixiv Custom < 2.1.6 - XSS
Slug
pixova-lite
Published
2020-10-01
Title
Multiple Themes - Unauthenticated Function Injection
Slug
pizzahouse
Published
2026-02-27
Title
Pizza House <= 1.4.0 - Unauthenticated PHP Object Injection
Slug
pj
Published
2026-02-11
Title
PJ | Life & Business Coaching <= 3.0.0 - Unauthenticated Local File Inclusion
Slug
plain-post
Published
2024-12-11
Title
Plain Post < 1.0.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Slug
plank
Published
2026-02-11
Title
Plank <= 1.7 - Unauthenticated Local File Inclusion
Slug
planmyday
Published
2025-09-04
Title
Plan My Day <= 1.1.13 - Unauthenticated Local File Inclusion
Slug
plant
Published
2025-05-16
Title
Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Unauthenticated Information Exposure
Slug
platform
Published
2015-02-04
Title
Platform Theme < 1.4.4 - Privilege Escalation & RCE
Slug
platform
Published
2016-11-24
Title
PageLines Platform Theme <= 1.1.4 - Cross-Site Request Forgery (CSRF)
Slug
plato
Published
2023-08-14
Title
Multiple Themes - Reflected XSS
Slug
playa
Published
2026-02-25
Title
Playa | Beach & Pool Club WordPress Theme <= 1.3.9 - Unauthenticated Local File Inclusion
Slug
playful
Published
2025-08-23
Title
Playful <= 1.19.0 - Unauthenticated Local File Inclusion
Slug
pliska
Published
2024-04-30
Title
Pliska < 0.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name
Slug
point-blog
Published
2024-07-09
Title
Point <= 1.1 - Cross-Site Request Forgery
Slug
police-department
Published
2026-02-27
Title
Police Department <= 2.17 - Unauthenticated Local File Inclusion
Slug
politican__
Published
2015-05-15
Title
ThemeMakers Themes - Information Disclosure