Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
2 CRITICAL12 HIGH6 MEDIUM
CVE-2026-49065
HIGH CVSS 8.2
Find Similar
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
NVD RRF 0.016
CVE-2026-49072
MEDIUM CVSS 6.5
Find Similar
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
NVD RRF 0.016
CVE-2026-48883
HIGH CVSS 7.5
Find Similar
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
NVD RRF 0.016
CVE-2026-49060
CRITICAL CVSS 9.8
Find Similar
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.
NVD RRF 0.015
CVE-2026-48873
HIGH CVSS 7.5
Find Similar
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
NVD RRF 0.015
CVE-2026-10580
CRITICAL CVSS 9.8
Find Similar
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a
NVD RRF 0.015
CVE-2026-40741
HIGH CVSS 7.5
Find Similar
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
NVD RRF 0.015
CVE-2026-42664
HIGH CVSS 8.2
Find Similar
Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions.
NVD RRF 0.014
CVE-2025-12655
MEDIUM CVSS 5.3
Find Similar
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST
NVD RRF 0.014
CVE-2026-34898
HIGH CVSS 7.5
Find Similar
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
NVD RRF 0.014
CVE-2026-49071
MEDIUM CVSS 6.5
Find Similar
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
NVD RRF 0.014
CVE-2026-49775
MEDIUM CVSS 6.5
Find Similar
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
NVD RRF 0.014
CVE-2026-24585
MEDIUM CVSS 6.5
Find Similar
Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a
NVD RRF 0.013
CVE-2026-49110
HIGH CVSS 7.5
Find Similar
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
NVD RRF 0.013
CVE-2025-13339
HIGH CVSS 7.5
Find Similar
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for
NVD RRF 0.013
CVE-2023-50850
MEDIUM CVSS 4.3
Find Similar
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a befo
NVD RRF 0.013
CVE-2026-42668
HIGH CVSS 7.5
Find Similar
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
NVD RRF 0.013
Page 1+ Next →