Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even
The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks
The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to per
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting att
The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even w
The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan set
The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve
The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att
The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh
The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting
The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting