Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Web Application Vulnerabilities

This page lists 24119 vulnerabilities in 70 categories.

Critical: 1560 High: 12984 Medium: 8644 Low: 865 Information: 66
Vulnerability Name
CVE
CWE
Severity
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)
CVE-2022-3383
-
High
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3384)
CVE-2022-3384
-
High
WordPress Ultimate Member Plugin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-1209)
CVE-2022-1209
CWE-601
Medium
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270)
CVE-2019-10270
CWE-640
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389)
CVE-2018-6389
CWE-400
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622)
CVE-2023-22622
CWE-400
High
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)
CVE-2018-14028
CWE-434
High
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-31210)
CVE-2024-31210
CWE-434
High
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)
CVE-2017-14725
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)
CVE-2018-10100
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)
CVE-2018-10101
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220)
CVE-2019-16220
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)
CVE-2020-4048
CWE-601
Medium
WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013)
CVE-2007-6013
CWE-327
Critical
WordPress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2017-5493)
CVE-2017-5493
CWE-338
High
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
CVE-2017-17091
CWE-330
High
WordPress user registration enabled
-
CWE-16
Information
WordPress User-Agent SQL Injection Vulnerability (1.5.2)
CVE-2006-1012
CWE-89
High
WordPress username enumeration
-
CWE-200
Medium
WordPress W3 Total Cache plugin predictable cache filenames
CVE-2012-6079
CWE-200
High
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412)
CVE-2014-6412
CWE-640
High
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)
CVE-2017-8295
CWE-640
Medium
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027)
CVE-2020-11027
CWE-640
High
WordPress XML-RPC authentication brute force
-
CWE-521
Medium
WP Plugin Advanced Custom Fields CVE-2024-4565 Vulnerability (CVE-2024-4565)
CVE-2024-4565
-
Medium
WP Plugin Advanced Custom Fields CVE-2024-9529 Vulnerability (CVE-2024-9529)
CVE-2024-9529
-
Medium
WP Plugin Advanced Custom Fields Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20986)
CVE-2018-20986
CWE-707
Medium
WP Plugin Advanced Custom Fields Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-24241)
CVE-2021-24241
CWE-707
Medium
WP Plugin Advanced Custom Fields Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-40068)
CVE-2023-40068
CWE-707
Medium
WP Plugin Advanced Custom Fields Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6701)
CVE-2023-6701
CWE-707
Medium
WP Plugin Contact Form 7 Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-6630)
CVE-2023-6630
CWE-639
Medium
WP Plugin Contact Form 7 CVE-2018-20979 Vulnerability (CVE-2018-20979)
CVE-2018-20979
-
Critical
WP Plugin Contact Form 7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2242)
CVE-2024-2242
CWE-707
Medium
WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability (CVE-2025-3247)
CVE-2025-3247
CWE-354
Medium
WP Plugin Contact Form 7 Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2265)
CVE-2014-2265
CWE-264
Medium
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-35489)
CVE-2020-35489
CWE-434
Critical
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-6449)
CVE-2023-6449
CWE-434
High
WP Plugin Contact Form 7 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-4704)
CVE-2024-4704
CWE-601
Medium
WPEngine _wpeprivate/config.json information disclosure
-
CWE-200
High
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
CVE-2023-40044
CWE-502
Critical
WSO2 Management Console XSS (CVE-2022-29548)
CVE-2022-29548
CWE-79
Medium
X-Content-Type-Options (XCTO) Not Implemented
-
-
Information
X-Forwarded-For HTTP header security bypass
-
CWE-287
High
Xdebug remote code execution via xdebug.remote_connect_back
-
CWE-200
High
XML entity injection
-
CWE-611
High
XML external entity injection
-
CWE-611
High
XML external entity injection (variant)
-
CWE-611
High
XML external entity injection and XML injection
-
CWE-611
High
XML External Entity Injection via external file
-
CWE-611
High
XML external entity injection via File Upload
-
CWE-611
High
XML quadratic blowup denial of service attack
-
CWE-400
High
XOOPS CVE-2009-3963 Vulnerability (CVE-2009-3963)
CVE-2009-3963
-
High
XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)
CVE-2011-3822
CWE-200
Medium
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-2516)
CVE-2006-2516
CWE-22
Medium
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0612)
CVE-2008-0612
CWE-22
High
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)
CVE-2008-3296
CWE-22
High
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6884)
CVE-2008-6884
CWE-22
Medium
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)
CVE-2008-0613
CWE-59
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1453)
CVE-2003-1453
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2004-2756)
CVE-2004-2756
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2035)
CVE-2008-2035
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3295)
CVE-2008-3295
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4432)
CVE-2008-4432
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4435)
CVE-2008-4435
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6885)
CVE-2008-6885
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2783)
CVE-2009-2783
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4565)
CVE-2011-4565
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0984)
CVE-2012-0984
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12139)
CVE-2017-12139
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7944)
CVE-2017-7944
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16683)
CVE-2019-16683
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16684)
CVE-2019-16684
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36217)
CVE-2023-36217
CWE-707
Critical
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2002-2391)
CVE-2002-2391
CWE-138
High
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0611)
CVE-2008-0611
CWE-138
High