Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_s
CVE-2025-1315
CRITICAL CVSS 9.8
Find Similar
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's id
CVE-2025-9054
CRITICAL CVSS 9.8
Find Similar
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capabili
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to
The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change
CVE-2026-4880
CRITICAL CVSS 9.8
Find Similar
The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication
CVE-2025-3604
CRITICAL CVSS 9.8
Find Similar
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user'
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() functi
The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields p
CVE-2025-2266
CRITICAL CVSS 9.8
Find Similar
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUp
CVE-2024-11103
CRITICAL CVSS 9.8
Find Similar
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a us
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all v
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating
CVE-2024-9305
CRITICAL CVSS 9.8
Find Similar
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_passwor
CVE-2025-0181
CRITICAL CVSS 9.8
Find Similar
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to
The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rp_save_property_settings' fun
CVE-2025-15521
CRITICAL CVSS 9.8
Find Similar
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This
← Previous Page 5