Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-39441
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
CVE-2026-42386
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
CVE-2025-59554
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
CVE-2026-52693
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
CVE-2026-40725
CRITICAL CVSS 9.8
Find Similar
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-42381
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insuf
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting maliciou
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injec
CVE-2026-49776
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.
Page 1+ Next →