Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to insufficient sanitization when sa
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. This m
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This make
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possibl
CVE-2024-10586
CRITICAL CVSS 9.8
Find Similar
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to,
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and inclu
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-a
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined wi
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Ad
The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitizatio
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attacke
The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This ma
The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attac
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauth
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to,
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible fo
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unaut
Page 1+ Next →