Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24637 vulnerabilities in 62 categories.

Critical: 1632 High: 13196 Medium: 8851 Low: 887 Information: 71
Vulnerability Name
CVE
CWE
Severity
WordPress Plugin Zita Elementor Site Library Arbitrary File Upload (1.6.1)
CVE-2024-37420
CWE-434
High
WordPress Plugin Zlick Paywall Security Bypass (2.2.1)
-
CWE-264
High
WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9)
CVE-2015-4465
CWE-79
High
WordPress Plugin ZM Gallery SQL Injection (1.0)
CVE-2016-10940
CWE-89
High
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1)
CVE-2019-19306
CWE-79
High
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.7.2.8)
CVE-2021-33849
CWE-79
High
WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)
-
-
High
WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)
CVE-2024-37225
CWE-89
High
WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8)
CVE-2019-15645
CWE-352
High
WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01)
CVE-2011-5180
CWE-79
High
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)
-
CWE-434
High
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)
CVE-2021-39316
CWE-22
High
WordPress Plugin Zotpress 'citation' Parameter Cross-Site Scripting (2.6.1)
-
CWE-79
High
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)
-
CWE-89
High
WordPress Plugin Zotpress SQL Injection (6.1.2)
CVE-2016-1000217
CWE-89
High
WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)
-
-
High
WordPress Plugin ZWM Zeumic Work Management Multiple Unspecified Vulnerabilities (1.0.11)
-
-
High
WordPress Plugin ZX_CSV Upload Multiple Vulnerabilities (1)
-
CWE-352
High
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4)
CVE-2017-8295
CWE-264
High
WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1)
CVE-2017-16510
CWE-89
High
WordPress readme.html file
-
CWE-200
Information
WordPress Resource Management Errors Vulnerability (CVE-2014-5265)
CVE-2014-5265
-
Medium
WordPress Resource Management Errors Vulnerability (CVE-2014-5266)
CVE-2014-5266
-
Medium
WordPress REST API User Enumeration
-
CWE-200
Low
WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13)
CVE-2016-4566
CWE-79
High
WordPress Server-Side Request Forgery (3.7 - 6.1.1)
CVE-2022-3590
CWE-918
High
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-4029)
CVE-2016-4029
CWE-918
High
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-9066)
CVE-2017-9066
CWE-918
High
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669)
CVE-2019-17669
CWE-918
Critical
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670)
CVE-2019-17670
CWE-918
Critical
WordPress Super Socialat backdoor plugin
-
CWE-94
High
WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2019-17231
CWE-79
High
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)
CVE-2022-3590
CWE-367
Medium
WordPress Ultimate Member Plugin Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-6859)
CVE-2020-6859
CWE-639
Medium
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673)
CVE-2019-10673
CWE-352
High
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)
CVE-2023-31216
CWE-352
High
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8520)
CVE-2024-8520
CWE-352
Medium
WordPress Ultimate Member Plugin CVE-2019-10271 Vulnerability (CVE-2019-10271)
CVE-2019-10271
-
Medium
WordPress Ultimate Member Plugin CVE-2020-36157 Vulnerability (CVE-2020-36157)
CVE-2020-36157
-
Critical
WordPress Ultimate Member Plugin CVE-2020-36170 Vulnerability (CVE-2020-36170)
CVE-2020-36170
-
Medium
WordPress Ultimate Member Plugin CVE-2025-0318 Vulnerability (CVE-2025-0318)
CVE-2025-0318
-
Medium
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3361)
CVE-2022-3361
CWE-22
Medium
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3966)
CVE-2022-3966
CWE-22
High
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8354)
CVE-2015-8354
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9304)
CVE-2015-9304
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10872)
CVE-2016-10872
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0585)
CVE-2018-0585
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13136)
CVE-2018-13136
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17866)
CVE-2018-17866
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20965)
CVE-2018-20965
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6944)
CVE-2018-6944
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14945)
CVE-2019-14945
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14946)
CVE-2019-14946
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14947)
CVE-2019-14947
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-24306)
CVE-2021-24306
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1208)
CVE-2022-1208
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2123)
CVE-2024-2123
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2765)
CVE-2024-2765
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8519)
CVE-2024-8519
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-1071)
CVE-2024-1071
CWE-138
Critical
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-12276)
CVE-2024-12276
CWE-138
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308)
CVE-2025-0308
CWE-138
High
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36155)
CVE-2020-36155
CWE-269
Critical
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36156)
CVE-2020-36156
CWE-269
High
WordPress Ultimate Member Plugin Missing Authorization Vulnerability (CVE-2024-10528)
CVE-2024-10528
CWE-862
Medium
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)
CVE-2022-3383
-
High
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3384)
CVE-2022-3384
-
High
WordPress Ultimate Member Plugin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-1209)
CVE-2022-1209
CWE-601
Medium
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270)
CVE-2019-10270
CWE-640
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389)
CVE-2018-6389
CWE-400
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622)
CVE-2023-22622
CWE-400
High
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)
CVE-2018-14028
CWE-434
High
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-31210)
CVE-2024-31210
CWE-434
High
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)
CVE-2017-14725
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)
CVE-2018-10100
CWE-601
Medium