Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for
CVE-2025-4104
CRITICAL CVSS 9.8
Find Similar
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This mak
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler r
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This mak
CVE-2025-3605
CRITICAL CVSS 9.8
Find Similar
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not pr
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router`
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not prope
CVE-2025-5486
CRITICAL CVSS 9.8
Find Similar
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possib
CVE-2025-12158
CRITICAL CVSS 9.8
Find Similar
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes i
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handle_request() f
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. T
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated thr
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not p
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not pr
CVE-2025-4607
CRITICAL CVSS 9.8
Find Similar
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to th
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to s
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's ide
Page 1+ Next →