| AI Hub Theme |
Arbitrary File Upload (BAC) |
| Altair Theme |
PHP Object Injection |
| Anps Theme |
Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Arkhe Theme |
Cross-Site Request Forgery (CSRF) and Local File Inclusion (LFi) |
| Arkhe Theme Blocks |
Cross-Site Scripting (XSS) |
| Arrival Theme |
Local File Inclusion (LFi) |
| aThemes Addons for Elementor |
Local File Inclusion (LFi) |
| Betheme Theme |
Cross-Site Scripting (XSS) |
| Bloggie Theme |
Arbitrary File Upload (BAC) |
| Bulk Theme |
Broken Access Control (BAC) |
| Bulk Theme Assign Linked Products For WooCommerce |
Broken Access Control (BAC) |
| Bulk Theme Fields Editor |
Broken Access Control (BAC) |
| Bulk Theme NoIndex & NoFollow Toolkit |
Cross-Site Scripting (XSS) |
| Bulk Theme Page Stub Creator |
Cross-Site Scripting (XSS) |
| Bulk Theme Product Sync |
Cross-Site Request Forgery (CSRF) |
| Bulk Theme Product Sync |
SQL Injection (SQLi) |
| Bulk Theme Term Editor |
Cross-Site Request Forgery (CSRF) |
| Celestial Aura Theme |
Arbitrary File Upload (BAC) |
| CiyaShop Theme |
PHP Object Injection |
| CLP – Custom Login Page by NiteoThemes |
Cross-Site Request Forgery (CSRF) |
| Configurator Theme Core |
Privilege Escalation (BAC) |
| Customify Theme |
Broken Access Control (BAC) |
| CWW Portfolio Theme |
Local File Inclusion (LFi) |
| Dessau Theme |
Local File Inclusion (LFi) |
| DethemeKit For Elementor |
Broken Access Control (BAC) |
| Dør Theme |
Local File Inclusion (LFi) |
| Easy Child Theme Creator |
Cross-Site Request Forgery (CSRF) |
| Eduma Theme |
Broken Access Control (BAC) |
| Edumall Theme |
Unauthenticated Local File Inclusion (LFi) |
| Eximius Theme |
Arbitrary File Upload (BAC) |
| Fazyvo Theme |
Cross-Site Scripting (XSS) |
| Foton Theme |
Local File Inclusion (LFi) |
| Glossy Blog Theme |
Cross-Site Scripting (XSS) |
| Grace Mag Theme |
Local File Inclusion (LFi) |
| Grand Restaurant WordPress Theme |
Arbitrary Options Deletion |
| Grand Restaurant WordPress Theme |
Broken Access Control (BAC) |
| Grand Restaurant WordPress Theme |
Cross-Site Request Forgery (CSRF) |
| Grand Restaurant WordPress Theme |
Path Traversal (BAC) to PHP Object Injection |
| Grand Restaurant WordPress Theme |
PHP Object Injection |
| Gravel Theme |
Cross-Site Scripting (XSS) |
| Gravity Forms CSS Themes with Fontawesome and Placeholders |
Cross-Site Scripting (XSS) |
| Home Services Theme |
Cross-Site Scripting (XSS) |
| Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue |
Broken Access Control (BAC) |
| Industrial Lite Theme |
Broken Access Control (BAC) |
| Ivy School Theme |
Local File Inclusion (LFi) |
| JNews Theme |
Broken Access Control (BAC) |
| Kleo Theme |
Broken Access Control (BAC) |
| Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme |
Cross-Site Scripting (XSS) |
| Opstore Theme |
Local File Inclusion (LFi) |
| Photobox Theme |
Arbitrary File Upload (BAC) |
| Photobox Theme |
Cross-Site Scripting (XSS) |
| Photography Theme |
Server Side Request Forgery (SSRF) |
| Product Excel Import Export & Bulk Theme Edit for WooCommerce |
Cross-Site Scripting (XSS) |
| Quantity Dynamic Pricing & Bulk Theme Discounts for WooCommerce |
Cross-Site Scripting (XSS) |
| Real Estate 7 Theme |
Privilege Escalation (BAC) |
| Real Estate 7 Theme |
(Seller) Arbitrary File Upload (BAC) |
| Reales WP Theme |
Missing Authorization (BAC) to Unauthenticated Attachment Deletion and Favorite Property Updates |
| Revive.so – Bulk Theme Rewrite and Republish Blog Posts |
Broken Access Control (BAC) |
| Rezo Theme |
Arbitrary File Upload (BAC) |
| Rezo Theme |
Cross-Site Scripting (XSS) |
| Shopo Theme |
Cross-Site Scripting (XSS) |
| Simplish Theme |
Cross-Site Scripting (XSS) |
| Sirat Theme |
Broken Access Control (BAC) |
| Slide Theme |
Arbitrary File Upload (BAC) |
| Slide Theme |
Cross-Site Scripting (XSS) |
| Smart Sections Theme Builder - WPBakery Page Builder Addon |
PHP Object Injection |
| SpaBiz Theme |
Cross-Site Scripting (XSS) |
| Streamit Theme |
Arbitrary File Download (BAC) |
| Streamit Theme |
Arbitrary File Upload (BAC) |
| Streamit Theme |
Privilege Escalation (BAC) from User Email Change/Account Takeover (BAC) |
| Tainá Theme |
Cross-Site Scripting (XSS) |
| Tastyc Theme |
Local File Inclusion (LFi) |
| Tastyc Theme |
Local File Inclusion (LFi) |
| Theme Changer |
Cross-Site Request Forgery (CSRF) |
| Theme Duplicator |
Cross-Site Request Forgery (CSRF) |
| Theme Switcha |
Cross-Site Scripting (XSS) |
| Themesflat Addons For Elementor |
Cross-Site Scripting (XSS) |
| Themesflat Addons For Elementor |
Cross-Site Scripting (XSS) |
| Themify Edmin Theme |
Arbitrary File Upload (BAC) |
| Themify Edmin Theme |
Cross-Site Scripting (XSS) |
| Themify Folo Theme |
Arbitrary File Upload (BAC) |
| Themify Folo Theme |
Cross-Site Scripting (XSS) |
| Themify Newsy Theme |
Arbitrary File Upload (BAC) |
| Themify Newsy Theme |
Cross-Site Scripting (XSS) |
| Themify Sidepane WordPress Theme |
Arbitrary File Upload (BAC) |
| Themify Sidepane WordPress Theme |
Cross-Site Scripting (XSS) |
| Tiger Theme |
Cross-Site Scripting (XSS) |
| Tiger Theme |
Cross-Site Scripting (XSS) |
| Vikinger Theme |
Privilege Escalation (BAC) from 'vikinger_user_meta_update_ajax' |
| Wanderland Theme |
Local File Inclusion (LFi) |
| Wigi Theme |
Arbitrary File Upload (BAC) |
| Wireless Butler Theme |
Cross-Site Scripting (XSS) |
| Woffice Theme |
Authentication Bypass (BAC) from Registration Role |
| wProject Theme |
Cross-Site Scripting (XSS) |
| wProject Theme |
Privilege Escalation (BAC) |
| wProject Theme |
Unauthenticated Post/Comment/Attachment Modification/Deletion |
| Xews Lite Theme |
Local File Inclusion (LFi) |
| Xpro Theme Builder |
Broken Access Control (BAC) |
