Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin epicwin-subscribers allows SQL Injection.This issue affects Epicwin Plugin: from n/a through <= 1.5.
CVE-2025-53314
CRITICAL CVSS 9.6
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0.
CVE-2025-30528
CRITICAL CVSS 9.3
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through <= 1.2.
The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insuffi
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that pr
The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input san
CVE-2025-22953
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter param
Cross-Site Request Forgery (CSRF) vulnerability in aaronrobbins Post Ideas post-ideas allows SQL Injection.This issue affects Post Ideas: from n/a through <= 2.
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by
CVE-2024-54372
CRITICAL CVSS 9.6
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue affects Insertify: from n/a through <= 1.1.4.
Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Cross Site Request Forgery.This issue affects WP Table Builder: from n/a through <= 2.0.6.
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection.This issue affects All push notification for WP: from n/a thro
Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automa
The Rich Snippet Site Report plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to, and including, 2.0.0105 due to insufficient escaping on the user suppl
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied paramet
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows SQL Injection.This issue affects occupancyplan: from n/a through <= 1.0.3.0.
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS).This issue affects WP Coder: from n/a through <= 3.6.
CVE-2025-30615
CRITICAL CVSS 9.6
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Code Injection.This issue affects WP e-Commerce Style Email: from n/a throu
Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User wp-ban-user allows Stored XSS.This issue affects WP-Ban-User: from n/a through <= 1.0.
Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.
Page 1+ Next →