Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check
CVE-2024-13790
CRITICAL CVSS 9.8
Find Similar
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This m
The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_upd
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent
The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings up
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing vali
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the U
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the ge
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulat
The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the abi
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content
CVE-2025-2266
CRITICAL CVSS 9.8
Find Similar
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUp
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the pr
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional produc
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie.ph
The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and 'alg_wc_cog_product
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versi
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitizati
Page 1+ Next →