Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the creat
The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList() function in all versions up to, and includ
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.
The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escapin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authe
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when u
The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authenticatio
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_we
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This is
CVE-2024-11281
CRITICAL CVSS 9.8
Find Similar
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id'
The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to ins
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, an
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in v
CVE-2024-12919
CRITICAL CVSS 9.8
Find Similar
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a befo
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versi