Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_gvccf_check_download_request' function in all versions u
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to,
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions up to, and including,
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_cf7_form_data' function in all versions up to
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and includi
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and includi
The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdb_ajax_delete_user() function in versions up
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/clas
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions u
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/expor
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. Th
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the r
Page 1+ Next →