Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE `/subscribers` REST API endpoint in all versions up to, and including,
The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to acces
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, poptheme_submit) in all versio
The Notification Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the 'subscriber
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as auth
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functio
CVE-2025-1562
CRITICAL CVSS 9.8
Find Similar
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missi
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions
The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up to, and including, 1.9.4. T
The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the prop
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to t
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of serv
CVE-2026-4365
CRITICAL CVSS 9.1
Find Similar
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2
The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_
The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.1
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is a
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and inc
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of
Page 1+ Next →