Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user rol
The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This mak
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint in all versions up to, and i
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions
CVE-2024-12155
CRITICAL CVSS 9.8
Find Similar
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and i
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean() function in all versions up to, and including, 1.6.5. This makes
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() function. This makes it possible for una
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uip_save_site_o
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing
The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'options_update' function in all versions up to, and including
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings
The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lsow_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missing autho
The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_options() function in all versio
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie.ph
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This mak
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all version
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. Thi
The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_v