Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() function. This makes it possible for authentica
The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitizatio
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for a
The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input san
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of serv
The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sani
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6
CVE-2024-58348
CRITICAL CVSS 9.3
Find Similar
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attacke
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This ma
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9
The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitizatio
CVE-2025-12539
CRITICAL CVSS 10.0
Find Similar
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credenti
The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including,
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due to insufficient i
The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post cus
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possib
The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and outpu
The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated at
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up t
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all versions