🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ High Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
High Severity Vulnerabilities
Found
13196 vulnerabilities
at
High
severity.
Vulnerability Name
CVE
CWE
Severity
WordPress Plugin Sticky Popup Cross-Site Scripting (1.2)
CVE-2022-1750
CWE-79
High
WordPress Plugin SVG Support Cross-Site Scripting (2.4.2)
CVE-2022-1755
CWE-79
High
WordPress Plugin SVG Support Cross-Site Scripting (2.3.19)
CVE-2021-24686
CWE-79
High
WordPress Plugin Tatsu Arbitrary File Upload (3.3.11)
CVE-2021-25094
CWE-434
High
WordPress Plugin The Events Calendar Countdown Addon Security Bypass (1.3.1)
-
CWE-94
High
WordPress Plugin Titan Anti-spam & Security Security Bypass (7.3.0)
CVE-2022-2877
CWE-264
High
WordPress Plugin ToolBar to Share Cross-Site Request Forgery (2.0)
CVE-2022-1918
CWE-352
High
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.1)
CVE-2021-24455
CWE-79
High
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)
CVE-2022-2563
CWE-79
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.4.0)
-
CWE-79
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.3.2)
CVE-2022-1208
CWE-79
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.3.1)
CVE-2022-1209
CWE-601
High
WordPress Plugin Ultimate SMS Notifications for WooCommerce CSV Injection (1.4.1)
CVE-2022-2429
CWE-1236
High
WordPress Plugin Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Multiple Cross-Site Scripting Vulnerabilities (45.0)
CVE-2022-2430
CWE-79
High
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)
CVE-2022-2108
CWE-264
High
WordPress Plugin WBW Currency Switcher for WooCommerce Cross-Site Scripting (1.6.5)
CVE-2022-2575
CWE-79
High
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (7.6.0)
CVE-2022-3144
CWE-79
High
WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)
CVE-2022-3069
CWE-79
High
WordPress Plugin WordPress Infinite Scroll-Ajax Load More Directory Traversal (5.5.4)
-
CWE-22
High
WordPress Plugin WordPress Ping Optimizer Cross-Site Request Forgery (2.35.1.2.3)
CVE-2022-1591
CWE-352
High
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.0)
CVE-2022-2939
CWE-264
High
WordPress Plugin WP Hotel Booking Cross-Site Request Forgery (1.10.5)
CVE-2021-36852
CWE-352
High
WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)
CVE-2020-29047
CWE-915
High
WordPress Plugin WP JS Cross-Site Scripting (2.0.6)
CVE-2022-1567
CWE-79
High
WordPress Plugin WP Popup Builder-Popup Forms, Marketing PoPuP & Newsletter Multiple Vulnerabilities (1.2.8)
CVE-2022-2405
CWE-862
High
WordPress Plugin WP Server Health Stats Cross-Site Scripting (1.6.10)
CVE-2022-2887
CWE-79
High
WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (7.2)
CVE-2022-2763
CWE-79
High
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)
CVE-2022-2737
CWE-79
High
WordPress Plugin WP Taxonomy Import Cross-Site Scripting (1.0.4)
CVE-2022-2669
CWE-79
High
WordPress Plugin WP Users Exporter CSV Injection (1.4.2)
CVE-2022-3026
CWE-1236
High
WordPress Plugin WP YouTube Live Cross-Site Scripting (1.7.21)
CVE-2022-1187
CWE-79
High
WordPress Plugin WP YouTube Live Cross-Site Scripting (1.8.2)
CVE-2022-1334
CWE-79
High
WordPress Plugin WPGateway Privilege Escalation (3.5)
CVE-2022-3180
CWE-269
High
WordPress Plugin WPMK Ajax Finder Cross-Site Request Forgery (1.0.1)
CVE-2022-1749
CWE-352
High
WordPress Plugin WPtouch Cross-Site Scripting (4.3.42)
-
CWE-79
High
WordPress Plugin Zephyr Project Manager Cross-Site Scripting (3.2.40)
CVE-2022-1822
CWE-79
High
WordPress Plugin Zephyr Project Manager Multiple Vulnerabilities (3.2.42)
CVE-2022-2840
CWE-89
High
WordPress Plugin 3D Tag Cloud Cross-Site Request Forgery (3.8)
CVE-2022-36417
CWE-352
High
WordPress Plugin 3dady real-time web stats Cross-Site Request Forgery (1.0)
-
CWE-352
High
WordPress Plugin AdminPad Cross-Site Request Forgery (2.1)
CVE-2022-2762
CWE-352
High
WordPress Plugin Backup Scheduler Cross-Site Request Forgery (1.5.13)
CVE-2022-38079
CWE-352
High
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Multiple Vulnerabilities (6.9.9)
CVE-2022-3247
CWE-918
High
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Security Bypass (6.9.11)
CVE-2022-3622
CWE-862
High
WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Multiple Cross-Site Request Forgery Vulnerabilities (1.1.4)
CVE-2021-36855
CWE-352
High
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (3.0.30)
CVE-2022-3350
CWE-79
High
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.5)
-
CWE-79
High
WordPress Plugin Export any WordPress data to XML/CSV SQL Injection (1.3.4)
CVE-2022-1800
CWE-89
High
WordPress Plugin Export Post Info Cross-Site Scripting (1.1.0)
CVE-2022-38068
CWE-79
High
WordPress Plugin Export Post Info CSV Injection (1.2.0)
CVE-2022-38061
CWE-1236
High
WordPress Plugin FavIcon Switcher Cross-Site Request Forgery (1.2.11)
CVE-2022-40219
CWE-352
High
WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.15.5)
CVE-2022-3300
CWE-89
High
WordPress Plugin Forym-Modern Discussion Forum for Wordpress-Forums Cross-Site Scripting (1.5.8)
-
CWE-79
High
WordPress Plugin Frontend File Manager Cross-Site Request Forgery (21.3)
CVE-2022-3126
CWE-352
High
WordPress Plugin Helpful Information Disclosure (4.5.25)
CVE-2022-2834
CWE-200
High
WordPress Plugin Helpful Security Bypass (4.5.14)
-
CWE-264
High
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)
-
CWE-434
High
WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Scripting (6.4.2)
CVE-2022-0360
CWE-79
High
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)
CVE-2022-3244
CWE-862
High
WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)
-
CWE-862
High
WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2)
CVE-2022-1977
CWE-918
High
WordPress Plugin Kadence WooCommerce Email Designer PHP Object Injection (1.5.6)
CVE-2022-3335
CWE-915
High
WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)
CVE-2022-38454
CWE-352
High
WordPress Plugin LBstopattack Cross-Site Request Forgery (1.1.2)
CVE-2022-3097
CWE-352
High
WordPress Plugin Manage Notification E-mails Cross-Site Request Forgery (1.8.2)
CVE-2022-34654
CWE-352
High
WordPress Plugin miniOrange Discord Integration Security Bypass (2.1.5)
CVE-2022-3082
CWE-284
High
WordPress Plugin Passster-Password Protection Weak Encoding (3.5.5.5.1)
CVE-2022-3206
CWE-326
High
WordPress Plugin Post to CSV by BestWebSoft CSV Injection (1.4.0)
CVE-2022-3393
CWE-1236
High
WordPress Plugin Retain Live Chat Cross-Site Scripting (0.1)
CVE-2022-3391
CWE-79
High
WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)
CVE-2022-3131
CWE-89
High
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.185)
CVE-2022-3302
CWE-89
High
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Cross-Site Scripting (3.7.1)
CVE-2022-40215
CWE-79
High
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.5.4)
-
CWE-862
High
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)
CVE-2022-36375
CWE-863
High
WordPress Plugin We�re Open! Cross-Site Scripting (1.41)
CVE-2022-3139
CWE-79
High
WordPress Plugin WP ALL Export Pro Multiple Vulnerabilities (1.7.8)
CVE-2022-3395
CWE-94
High
« Previous
1
...
159
160
161
162
163
164
165
166
...
176
Next »
