Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-1128
CRITICAL CVSS 9.8
Find Similar
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file typ
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce valida
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' functi
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in th
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in
The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all vers
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_lms_courses_grid_display' shortcode in a
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by(
The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. wrld_set_configuration, wrld_exclude_se
The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal s
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and tu
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all ver
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. Th
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authen
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess func
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in