WordPress Themes Vulnerabilities Please use the search to find what you're looking for Product Title Disclosure Date Supreme Directory WordPress Supreme Directory theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28 BBE WordPress BBE theme <= 1.52 - Direct Object Reference vulnerability 2018-06-05 Enfold WordPress Enfold theme <=4.2 - Rewrite Portfolio Permalink Structure & Information Disclosure 2018-01-30 Pinfinity WordPress Pinfinity theme <=1.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability 2017-09-12 Bridge Theme WordPress Bridge theme <=11.1 - DOM Cross-Site Scripting (XSS) vulnerability 2017-08-08 Salutation Responsive WordPress + BuddyPress Theme Salutation Responsive WordPress + BuddyPress theme <=3.0.15 - Stored Cross-site scripting (XSS) vulnerability 2017-07-31 Real Estate 7 WordPress Real Estate 7 theme 2.5.6 - Authenticated Arbitrary File Upload vulnerability 2017-04-15 Javo Spot WordPress Javo Spot Premium Theme <= 2.0.0 - Unauthenticated Directory Traversal 2017-02-10 Headway WordPress Headway Theme <= 3.8.8 - Cross Site Scripting 2016-10-13 Neosense WordPress Neosense Theme <= 1.7 - Unrestricted File Upload 2016-09-20 Cerber Limit Login Attempts WordPress Cerber Limit Login Attempts Plugin <= 2.7.2 - Cross-Site Request Forgery (CSRF) 2016-08-29 Akal WordPress Akal Theme - Cross Site Scripting 2016-08-22 ColorWay WordPress ColorWay Theme <= 3.4.1 - Cross Site Scripting 2016-07-26 Uncode WordPress Uncode Theme 1.3.1 - Arbitrary File Upload 2016-06-06 Newspaper WordPress Newspaper Theme 6.7.1 - Privilege Escalation 2016-06-06 Creative Multi-Purpose WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS 2016-06-06 Truemag WordPress Truemag Theme - Cross Site Scripting 2016-04-29 ScoreMe WordPress ScoreMe Theme - Cross Site Scripting 2016-04-04 Cerber Limit Login Attempts WordPress Cerber Limit Login Attempts Plugin <= 2.0.1.6 - XSS 2016-04-01 Beauty & Clean WordPress Beauty & Clean Theme 1.0.8 - Arbitrary File Upload 2016-03-11 1 2 3 4 5 ... 19 20 21