Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
CVE-2026-42682
CRITICAL CVSS 9.1
Find Similar
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6.
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum:
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Page 1+ Next →