Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-45444
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a thr
CVE-2025-48148
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper fo
CVE-2024-8425
CRITICAL CVSS 9.8
Find Similar
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart
CVE-2025-53213
CRITICAL CVSS 9.9
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping elex-reachship-multi-carrier-conditional-shipping allows Using
CVE-2025-60235
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue a
CVE-2024-50482
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce P
CVE-2025-60219
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pr
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 d
CVE-2025-64231
CRITICAL CVSS 9.9
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious File
CVE-2024-50510
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from
CVE-2024-52398
CRITICAL CVSS 9.1
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3.
CVE-2024-10820
CRITICAL CVSS 9.8
Find Similar
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3.
CVE-2025-49885
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Se
The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in a
CVE-2025-6440
CRITICAL CVSS 9.8
Find Similar
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation
CVE-2026-27540
CRITICAL CVSS 9.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files.This issue af
CVE-2024-50494
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server.This issue affects S
CVE-2024-54262
CRITICAL CVSS 9.9
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import
CVE-2025-5746
CRITICAL CVSS 9.8
Find Similar
The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() functi
CVE-2025-49414
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0.
Page 1+ Next →