Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal op
The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due the plugin not preventing direct access to the /vendor/levelten/int
The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level acce
The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it poss
The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including, 0.0.3
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it pos
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due t
The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php scrip
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser librar
The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and
The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitizatio
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information E
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' du
The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitiza
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possib
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated a
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The genera