Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects B
The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the `book` shortcode due to insufficient path sa
The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of `call_user_func_array()` with user-controlled
In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of
CVE-2025-11023
CRITICAL CVSS 9.8
Find Similar
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software an
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for auth
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users t
The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contrib
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL
The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated at
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for au
CVE-2026-25470
CRITICAL CVSS 10.0
Find Similar
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custo
The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2 due to insufficient input
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insuff
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/forms/update_field' AJAX action in all versions up to
The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.
CVE-2025-14502
CRITICAL CVSS 9.8
Find Similar
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenti
The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for auth
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codemstory 워드프레스 결제 심플페이 pgall-for-woocommerce allows PHP Local File Inclusion.