Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password p
The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for una
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it pos
The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers
The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attack
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauth
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing d
CVE-2025-11749
CRITICAL CVSS 9.8
Find Similar
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search featu
The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and i
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated atta
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions up to, and including, 1.0.15. This ma
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This m
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for u
The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials
Page 1+ Next →