Platform
Solutions
Pricing
Why Invicti
Resources Library
Get a demo
Home
/
Web Application Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
Web Application Vulnerabilities
This page lists
23441 vulnerabilities
in
68 categories
.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
Vulnerability Name
CVE
CWE
Severity
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14947)
CVE-2019-14947
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-24306)
CVE-2021-24306
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1208)
CVE-2022-1208
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2123)
CVE-2024-2123
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2765)
CVE-2024-2765
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8519)
CVE-2024-8519
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-1071)
CVE-2024-1071
CWE-138
Critical
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-12276)
CVE-2024-12276
CWE-138
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308)
CVE-2025-0308
CWE-138
High
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36155)
CVE-2020-36155
CWE-269
Critical
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36156)
CVE-2020-36156
CWE-269
High
WordPress Ultimate Member Plugin Missing Authorization Vulnerability (CVE-2024-10528)
CVE-2024-10528
CWE-862
Medium
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)
CVE-2022-3383
-
High
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3384)
CVE-2022-3384
-
High
WordPress Ultimate Member Plugin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-1209)
CVE-2022-1209
CWE-601
Medium
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270)
CVE-2019-10270
CWE-640
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389)
CVE-2018-6389
CWE-400
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622)
CVE-2023-22622
CWE-400
High
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)
CVE-2018-14028
CWE-434
High
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)
CVE-2017-14725
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)
CVE-2018-10100
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)
CVE-2018-10101
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220)
CVE-2019-16220
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)
CVE-2020-4048
CWE-601
Medium
WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013)
CVE-2007-6013
CWE-327
Critical
WordPress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2017-5493)
CVE-2017-5493
CWE-338
High
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
CVE-2017-17091
CWE-330
High
WordPress user registration enabled
-
CWE-16
Information
WordPress User-Agent SQL Injection Vulnerability (1.5.2)
CVE-2006-1012
CWE-89
High
WordPress username enumeration
-
CWE-200
Medium
WordPress W3 Total Cache plugin predictable cache filenames
CVE-2012-6079
CWE-200
High
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412)
CVE-2014-6412
CWE-640
High
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)
CVE-2017-8295
CWE-640
Medium
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027)
CVE-2020-11027
CWE-640
High
WordPress XML-RPC authentication brute force
-
CWE-521
Medium
WP Plugin Contact Form 7 Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-6630)
CVE-2023-6630
CWE-639
Medium
WP Plugin Contact Form 7 CVE-2018-20979 Vulnerability (CVE-2018-20979)
CVE-2018-20979
-
Critical
WP Plugin Contact Form 7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2242)
CVE-2024-2242
CWE-707
Medium
WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability (CVE-2025-3247)
CVE-2025-3247
CWE-354
Medium
WP Plugin Contact Form 7 Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2265)
CVE-2014-2265
CWE-264
Medium
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-35489)
CVE-2020-35489
CWE-434
Critical
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-6449)
CVE-2023-6449
CWE-434
High
WP Plugin Contact Form 7 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-4704)
CVE-2024-4704
CWE-601
Medium
WPEngine _wpeprivate/config.json information disclosure
-
CWE-200
High
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
CVE-2023-40044
CWE-502
Critical
WSO2 Management Console XSS (CVE-2022-29548)
CVE-2022-29548
CWE-79
Medium
X-Content-Type-Options (XCTO) Not Implemented
-
-
Information
X-Forwarded-For HTTP header security bypass
-
CWE-287
High
Xdebug remote code execution via xdebug.remote_connect_back
-
CWE-200
High
XML entity injection
-
CWE-611
High
XML external entity injection
-
CWE-611
High
XML external entity injection (variant)
-
CWE-611
High
XML external entity injection and XML injection
-
CWE-611
High
XML External Entity Injection via external file
-
CWE-611
High
XML external entity injection via File Upload
-
CWE-611
High
XML quadratic blowup denial of service attack
-
CWE-400
High
XOOPS CVE-2009-3963 Vulnerability (CVE-2009-3963)
CVE-2009-3963
-
High
XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)
CVE-2011-3822
CWE-200
Medium
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-2516)
CVE-2006-2516
CWE-22
Medium
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0612)
CVE-2008-0612
CWE-22
High
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)
CVE-2008-3296
CWE-22
High
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6884)
CVE-2008-6884
CWE-22
Medium
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)
CVE-2008-0613
CWE-59
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1453)
CVE-2003-1453
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2004-2756)
CVE-2004-2756
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2035)
CVE-2008-2035
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3295)
CVE-2008-3295
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4432)
CVE-2008-4432
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4435)
CVE-2008-4435
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6885)
CVE-2008-6885
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2783)
CVE-2009-2783
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4565)
CVE-2011-4565
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0984)
CVE-2012-0984
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12139)
CVE-2017-12139
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7944)
CVE-2017-7944
CWE-707
Medium
«
1
...
306
307
308
...
313
»
