Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-49328
CRITICAL CVSS 9.8
Find Similar
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect
CVE-2025-9209
CRITICAL CVSS 9.8
Find Similar
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API d
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through <= 3.1.4.
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through <= 3.1.7.
CVE-2025-23504
CRITICAL CVSS 9.8
Find Similar
Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <=
Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass. This issue affects Apinizer Management Consol
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.This issue affects Patreon WordPress: from n/a through <= 1.9.0.
Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for u
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce vali
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers ca
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API no
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP
CVE-2025-6895
CRITICAL CVSS 9.8
Find Similar
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. Th
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is a
CVE-2026-0650
CRITICAL CVSS 9.3
Find Similar
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted r
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authenticati
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw m
Page 1+ Next →