Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to p
The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versi
CVE-2024-11015
CRITICAL CVSS 9.8
Find Similar
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing s
CVE-2025-9485
CRITICAL CVSS 9.8
Find Similar
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugi
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' fun
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check o
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the
CVE-2025-7444
CRITICAL CVSS 9.8
Find Similar
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the s
CVE-2024-10961
CRITICAL CVSS 9.8
Find Similar
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the soc
The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_passkey() and passkeys_list() function in all versions up to, and includin
CVE-2025-4973
CRITICAL CVSS 9.8
Find Similar
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perfo
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user bei
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to,
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and auth
CVE-2024-10924
CRITICAL CVSS 9.8
Find Similar
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaG
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perf
Page 1+ Next →