Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-3810
CRITICAL CVSS 9.8
Find Similar
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's ide
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. Thi
The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a u
CVE-2025-2237
CRITICAL CVSS 9.8
Find Similar
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in th
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in al
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user vali
CVE-2025-3604
CRITICAL CVSS 9.8
Find Similar
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user'
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to
The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a u
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including
CVE-2025-8359
CRITICAL CVSS 9.8
Find Similar
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authent
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's id
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insuf
The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the up
CVE-2025-8059
CRITICAL CVSS 9.8
Find Similar
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and in
CVE-2025-8898
CRITICAL CVSS 9.8
Find Similar
The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX fun
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit A
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due