Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-8791
CRITICAL CVSS 9.8
Find Similar
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Req
CVE-2026-2628
CRITICAL CVSS 9.8
Find Similar
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthe
CVE-2024-10961
CRITICAL CVSS 9.8
Find Similar
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the soc
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to miss
CVE-2026-8181
CRITICAL CVSS 9.8
Find Similar
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inco
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all ver
The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software a
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This ma
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authenticat
CVE-2024-9105
CRITICAL CVSS 9.8
Find Similar
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate
CVE-2024-10924
CRITICAL CVSS 9.8
Find Similar
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling
CVE-2024-9501
CRITICAL CVSS 9.8
Find Similar
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and incl
CVE-2024-11024
CRITICAL CVSS 9.8
Find Similar
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properl
CVE-2024-13905
CRITICAL CVSS 9.1
Find Similar
The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticat
CVE-2026-6279
CRITICAL CVSS 9.8
Find Similar
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp
CVE-2026-3655
CRITICAL CVSS 9.8
Find Similar
The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `l
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that