Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 HIGH19 MEDIUM
CVE-2024-8520
MEDIUM CVSS 4.3
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t
ultimatemember
NVD RRF 0.016
CVE-2025-0318
MEDIUM CVSS 5.3
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and
ultimatemember
NVD RRF 0.016
CVE-2024-8519
MEDIUM CVSS 5.4
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'u
ultimatemember
NVD RRF 0.016
CVE-2024-13753
HIGH CVSS 8.8
Find Similar
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the
webcodingplace
NVD RRF 0.016
CVE-2025-9892
MEDIUM CVSS 5.3
Find Similar
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the
NVD RRF 0.015
CVE-2025-15064
MEDIUM CVSS 6.4
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user descri
NVD RRF 0.015
CVE-2025-14354
MEDIUM CVSS 4.3
Find Similar
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple
NVD RRF 0.015
CVE-2026-1644
MEDIUM CVSS 4.3
Find Similar
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' fun
NVD RRF 0.015
CVE-2025-3284
MEDIUM CVSS 4.3
Find Similar
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3
NVD RRF 0.014
CVE-2024-10789
MEDIUM CVSS 4.3
Find Similar
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpu
NVD RRF 0.014
CVE-2025-14976
MEDIUM CVSS 5.4
Find Similar
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request
NVD RRF 0.014
CVE-2025-13220
MEDIUM CVSS 6.4
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sh
NVD RRF 0.014
CVE-2025-9887
MEDIUM CVSS 4.3
Find Similar
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in t
NVD RRF 0.014
CVE-2024-12276
MEDIUM CVSS 6.5
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all
ultimatemember
NVD RRF 0.014
CVE-2025-2168
MEDIUM CVSS 4.3
Find Similar
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Req
bdthemes
NVD RRF 0.013
CVE-2025-10691
MEDIUM CVSS 4.3
Find Similar
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show
NVD RRF 0.013
CVE-2026-1404
MEDIUM CVSS 6.1
Find Similar
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter p
NVD RRF 0.013
CVE-2025-10302
MEDIUM CVSS 4.3
Find Similar
The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesave_opti
NVD RRF 0.013
CVE-2026-2494
MEDIUM CVSS 4.3
Find Similar
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce val
NVD RRF 0.013
CVE-2024-13560
MEDIUM CVSS 4.3
Find Similar
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce valid
NVD RRF 0.013
Page 1+ Next →