Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-14440
CRITICAL CVSS 9.8
Find Similar
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_regist
CVE-2025-15027
CRITICAL CVSS 9.8
Find Similar
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met
CVE-2024-9988
CRITICAL CVSS 9.8
Find Similar
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This mak
CVE-2024-9989
CRITICAL CVSS 9.8
Find Similar
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' f
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to aut
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of passwor
CVE-2024-9501
CRITICAL CVSS 9.8
Find Similar
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the
The login_register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation
The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wp_debug_troub
CVE-2025-10484
CRITICAL CVSS 9.8
Find Similar
The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not
CVE-2024-11015
CRITICAL CVSS 9.8
Find Similar
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing s
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in t
CVE-2025-34077
CRITICAL CVSS 10.0
Find Similar
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request t
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'aja
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member'
CVE-2024-10961
CRITICAL CVSS 9.8
Find Similar
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the soc
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check'
Page 1+ Next →