Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a t
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_s
Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2.
CVE-2025-68018
CRITICAL CVSS 9.4
Find Similar
Missing Authorization vulnerability in StackWC Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Listener
Missing Authorization vulnerability in Yehi Advanced Notifications advanced-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Notificati
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as scr
Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5.
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in al
Missing Authorization vulnerability in WordLift WordLift wordlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordLift: from n/a through <= 3.54.4.
Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a thr
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through <= 1.3.5.
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a throug
Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Notify: from n/a through <= 1.0.
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP:
CVE-2026-54803
CRITICAL CVSS 9.8
Find Similar
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the u
Incorrect Privilege Assignment vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Privilege Escalation.This issue affects Admin and Site Enhancements (ASE): from n/
CVE-2024-56220
CRITICAL CVSS 9.8
Find Similar
Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: fro
CVE-2025-5486
CRITICAL CVSS 9.8
Find Similar
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possib
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for
Page 1+ Next →