Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it pos
The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient in
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[
The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.
The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the save_table() function in all ver
The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to insufficient input sanitizat
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insuf
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including, 3.2
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insu
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the r
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() functi
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffici
The Smart Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and
CVE-2026-4119
CRITICAL CVSS 9.1
Find Similar
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodes_set' parameter in all versions up
The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient inpu
The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.
Page 1+ Next →