Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional produc
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modificat
The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel B
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when u
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulat
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal method
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce:
The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escapin
The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before
The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.28 due to insufficient
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification
CVE-2025-1562
CRITICAL CVSS 9.8
Find Similar
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missi
The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_order’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user
CVE-2024-11281
CRITICAL CVSS 9.8
Find Similar
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id'
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and includ
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check
Page 1+ Next →