AI Hub Theme |
Arbitrary File Upload (BAC) |
Altair Theme |
PHP Object Injection |
Anps Theme |
Unauthenticated Arbitrary Shortcode Execution (BAC) |
Arkhe Theme |
Cross-Site Request Forgery (CSRF) and Local File Inclusion (LFi) |
Arkhe Theme Blocks |
Cross-Site Scripting (XSS) |
Arrival Theme |
Local File Inclusion (LFi) |
aThemes Addons for Elementor |
Local File Inclusion (LFi) |
Betheme Theme |
Cross-Site Scripting (XSS) |
Bloggie Theme |
Arbitrary File Upload (BAC) |
Bulk Theme |
Broken Access Control (BAC) |
Bulk Theme Assign Linked Products For WooCommerce |
Broken Access Control (BAC) |
Bulk Theme Fields Editor |
Broken Access Control (BAC) |
Bulk Theme NoIndex & NoFollow Toolkit |
Cross-Site Scripting (XSS) |
Bulk Theme Page Stub Creator |
Cross-Site Scripting (XSS) |
Bulk Theme Product Sync |
Cross-Site Request Forgery (CSRF) |
Bulk Theme Product Sync |
SQL Injection (SQLi) |
Bulk Theme Term Editor |
Cross-Site Request Forgery (CSRF) |
Celestial Aura Theme |
Arbitrary File Upload (BAC) |
CiyaShop Theme |
PHP Object Injection |
CLP – Custom Login Page by NiteoThemes |
Cross-Site Request Forgery (CSRF) |
Configurator Theme Core |
Privilege Escalation (BAC) |
Customify Theme |
Broken Access Control (BAC) |
CWW Portfolio Theme |
Local File Inclusion (LFi) |
Dessau Theme |
Local File Inclusion (LFi) |
DethemeKit For Elementor |
Broken Access Control (BAC) |
Dør Theme |
Local File Inclusion (LFi) |
Easy Child Theme Creator |
Cross-Site Request Forgery (CSRF) |
Eduma Theme |
Broken Access Control (BAC) |
Edumall Theme |
Unauthenticated Local File Inclusion (LFi) |
Eximius Theme |
Arbitrary File Upload (BAC) |
Fazyvo Theme |
Cross-Site Scripting (XSS) |
Foton Theme |
Local File Inclusion (LFi) |
Glossy Blog Theme |
Cross-Site Scripting (XSS) |
Grace Mag Theme |
Local File Inclusion (LFi) |
Grand Restaurant WordPress Theme |
Arbitrary Options Deletion |
Grand Restaurant WordPress Theme |
Broken Access Control (BAC) |
Grand Restaurant WordPress Theme |
Cross-Site Request Forgery (CSRF) |
Grand Restaurant WordPress Theme |
Path Traversal (BAC) to PHP Object Injection |
Grand Restaurant WordPress Theme |
PHP Object Injection |
Gravel Theme |
Cross-Site Scripting (XSS) |
Gravity Forms CSS Themes with Fontawesome and Placeholders |
Cross-Site Scripting (XSS) |
Home Services Theme |
Cross-Site Scripting (XSS) |
Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue |
Broken Access Control (BAC) |
Industrial Lite Theme |
Broken Access Control (BAC) |
Ivy School Theme |
Local File Inclusion (LFi) |
JNews Theme |
Broken Access Control (BAC) |
Kleo Theme |
Broken Access Control (BAC) |
Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme |
Cross-Site Scripting (XSS) |
Opstore Theme |
Local File Inclusion (LFi) |
Photobox Theme |
Arbitrary File Upload (BAC) |
Photobox Theme |
Cross-Site Scripting (XSS) |
Photography Theme |
Server Side Request Forgery (SSRF) |
Product Excel Import Export & Bulk Theme Edit for WooCommerce |
Cross-Site Scripting (XSS) |
Quantity Dynamic Pricing & Bulk Theme Discounts for WooCommerce |
Cross-Site Scripting (XSS) |
Real Estate 7 Theme |
Privilege Escalation (BAC) |
Real Estate 7 Theme |
(Seller) Arbitrary File Upload (BAC) |
Reales WP Theme |
Missing Authorization (BAC) to Unauthenticated Attachment Deletion and Favorite Property Updates |
Revive.so – Bulk Theme Rewrite and Republish Blog Posts |
Broken Access Control (BAC) |
Rezo Theme |
Arbitrary File Upload (BAC) |
Rezo Theme |
Cross-Site Scripting (XSS) |
Shopo Theme |
Cross-Site Scripting (XSS) |
Simplish Theme |
Cross-Site Scripting (XSS) |
Sirat Theme |
Broken Access Control (BAC) |
Slide Theme |
Arbitrary File Upload (BAC) |
Slide Theme |
Cross-Site Scripting (XSS) |
Smart Sections Theme Builder - WPBakery Page Builder Addon |
PHP Object Injection |
SpaBiz Theme |
Cross-Site Scripting (XSS) |
Streamit Theme |
Arbitrary File Download (BAC) |
Streamit Theme |
Arbitrary File Upload (BAC) |
Streamit Theme |
Privilege Escalation (BAC) from User Email Change/Account Takeover (BAC) |
Tainá Theme |
Cross-Site Scripting (XSS) |
Tastyc Theme |
Local File Inclusion (LFi) |
Tastyc Theme |
Local File Inclusion (LFi) |
Theme Changer |
Cross-Site Request Forgery (CSRF) |
Theme Duplicator |
Cross-Site Request Forgery (CSRF) |
Theme Switcha |
Cross-Site Scripting (XSS) |
Themesflat Addons For Elementor |
Cross-Site Scripting (XSS) |
Themesflat Addons For Elementor |
Cross-Site Scripting (XSS) |
Themify Edmin Theme |
Arbitrary File Upload (BAC) |
Themify Edmin Theme |
Cross-Site Scripting (XSS) |
Themify Folo Theme |
Arbitrary File Upload (BAC) |
Themify Folo Theme |
Cross-Site Scripting (XSS) |
Themify Newsy Theme |
Arbitrary File Upload (BAC) |
Themify Newsy Theme |
Cross-Site Scripting (XSS) |
Themify Sidepane WordPress Theme |
Arbitrary File Upload (BAC) |
Themify Sidepane WordPress Theme |
Cross-Site Scripting (XSS) |
Tiger Theme |
Cross-Site Scripting (XSS) |
Tiger Theme |
Cross-Site Scripting (XSS) |
Vikinger Theme |
Privilege Escalation (BAC) from 'vikinger_user_meta_update_ajax' |
Wanderland Theme |
Local File Inclusion (LFi) |
Wigi Theme |
Arbitrary File Upload (BAC) |
Wireless Butler Theme |
Cross-Site Scripting (XSS) |
Woffice Theme |
Authentication Bypass (BAC) from Registration Role |
wProject Theme |
Cross-Site Scripting (XSS) |
wProject Theme |
Privilege Escalation (BAC) |
wProject Theme |
Unauthenticated Post/Comment/Attachment Modification/Deletion |
Xews Lite Theme |
Local File Inclusion (LFi) |
Xpro Theme Builder |
Broken Access Control (BAC) |