Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain expor
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpl
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up
CVE-2025-11693
CRITICAL CVSS 9.8
Find Similar
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files cont
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sa
The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to in
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including,
wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting commen
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal wi
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin a
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_d
The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowin
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions u
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. A
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce valida
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. This makes it pos
Page 1+ Next →