Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

High Severity Vulnerabilities

Found 12675 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.5)
CVE-2024-31292
CWE-434
High
WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.3)
CVE-2023-4300
CWE-434
High
WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)
CVE-2023-4521
CWE-94
High
WordPress Plugin Import XML and RSS Feeds Server-Side Request Forgery (2.0.2)
CVE-2020-24148
CWE-918
High
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.44)
CVE-2024-6397
CWE-269
High
WordPress Plugin IQ Testimonials Arbitrary File Upload (2.2.7)
CVE-2024-6314
CWE-434
High
WordPress Plugin JetWidgets for Elementor and WooCommerce Local File Inclusion (1.1.7)
CVE-2024-38772
CWE-22
High
WordPress Plugin JSON API User Privilege Escalation (3.9.3)
CVE-2024-6624
CWE-269
High
WordPress Plugin JSON API User Unspecified Vulnerability (3.9.6)
-
-
High
WordPress Plugin Keydatas Arbitrary File Upload (2.5.2)
CVE-2024-6220
CWE-434
High
WordPress Plugin Modern Events Calendar Arbitrary File Upload (7.11.0)
CVE-2024-5441
CWE-434
High
WordPress Plugin Modern Events Calendar Lite Arbitrary File Upload (7.11.0)
CVE-2024-5441
CWE-434
High
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.14.7)
CVE-2024-6328
CWE-269
High
WordPress Plugin Newspack Blocks Arbitrary File Upload (3.0.8)
CVE-2024-37424
CWE-434
High
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Cross-Site Scripting (1.1.1)
CVE-2024-30450
CWE-79
High
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)
-
CWE-1372
High
WordPress Plugin OSM-OpenStreetMap SQL Injection (6.0.2)
CVE-2024-3604
CWE-89
High
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Insecure Direct Object Reference (3.0.4)
CVE-2024-37277
CWE-639
High
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (3.0.5)
CVE-2024-37486
CWE-89
High
WordPress Plugin PayPlus Payment Gateway SQL Injection (6.6.8)
CVE-2024-6205
CWE-89
High
WordPress Plugin PayPlus Payment Gateway SQL Injection (7.0.7)
CVE-2024-37564
CWE-89
High
WordPress Plugin Pixel Manager for WooCommerce-Track Google Analytics, Google Ads, TikTok and more Supply Chain Attack [Polyfill.io] (1.43.3)
-
CWE-1372
High
WordPress Plugin Pods-Custom Content Types and Fields Malicious Code (3.2.3)
CVE-2024-6297
CWE-506
High
WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.2.9.2)
CVE-2022-0176
CWE-79
High
WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.3.0.4)
CVE-2024-37409
CWE-79
High
WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.3.0)
CVE-2024-2289
CWE-79
High
WordPress Plugin PowerPack Lite for Beaver Builder Local File Inclusion (1.3.0.3)
CVE-2024-37410
CWE-22
High
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)
CVE-2024-6365
CWE-94
High
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Privilege Escalation (5.8.9)
CVE-2024-6411
CWE-269
High
WordPress Plugin Qualified Electronic Signatures by eID Easy Supply Chain Attack [Polyfill.io] (3.3.0)
-
CWE-1372
High
WordPress Plugin Quiz Maker SQL Injection (6.5.8.3)
CVE-2024-6028
CWE-89
High
WordPress Plugin Realtyna Organic IDX + WPL Real Estate Arbitrary File Upload (4.14.13)
CVE-2024-38736
CWE-434
High
WordPress Plugin Search & Replace PHP Object Injection (3.2.2)
CVE-2024-38759
CWE-915
High
WordPress Plugin Search & Replace SQL Injection (3.2.1)
CVE-2024-4145
CWE-89
High
WordPress Plugin SEO by Squirrly SEO SQL Injection (12.3.19)
CVE-2024-6497
CWE-89
High
WordPress Plugin Spiffy Calendar Security Bypass (4.9.10)
CVE-2024-30528
CWE-862
High
WordPress Plugin Spiffy Calendar SQL Injection (4.9.11)
CVE-2024-38692
CWE-89
High
WordPress Plugin Timeline Event History PHP Object Injection (3.1)
CVE-2024-5726
CWE-915
High
WordPress Plugin Twenty20 Image Before-After Malicious Code (1.6.3)
CVE-2024-6297
CWE-506
High
WordPress Plugin UiPress lite-Effortless custom dashboards, admin themes and pages SQL Injection (3.4.06)
CVE-2024-38788
CWE-89
High
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (3.11.8)
CVE-2024-6695
CWE-287
High
WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WP SQL Injection (1.2.10)
CVE-2024-6265
CWE-89
High
WordPress Plugin Video Downloader for TikTok Directory Traversal (1.3)
CVE-2020-24143
CWE-22
High
WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress Supply Chain Attack [Polyfill.io] (1.6.23)
-
CWE-1372
High
WordPress Plugin WooCommerce OpenPOS Arbitrary File Deletion (6.4.4)
CVE-2024-37932
CWE-73
High
WordPress Plugin WooCommerce OpenPOS SQL Injection (6.4.4)
CVE-2024-37933
CWE-89
High
WordPress Plugin WooCommerce Social Login PHP Object Injection (2.6.3)
CVE-2024-37502
CWE-915
High
WordPress Plugin WooCommerce Social Login PHP Object Injection (2.6.2)
CVE-2024-5871
CWE-915
High
WordPress Plugin WooCommerce Social Login Privilege Escalation (2.7.3)
CVE-2024-6636
CWE-862
High
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.6.1)
CVE-2024-2386
CWE-89
High
WordPress Plugin WP User Frontend-Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Supply Chain Attack [Polyfill.io] (4.0.7)
-
CWE-1372
High
WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Cross-Site Scripting (2.2.24)
CVE-2024-5427
CWE-79
High
WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Cross-Site Scripting (2.1.4)
-
CWE-79
High
WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Local File Inclusion (2.2.25)
CVE-2024-5431
CWE-22
High
WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Security Bypass (2.2.22)
CVE-2023-47805
CWE-862
High
WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Server-Side Request Forgery (2.2.23)
CVE-2024-1855
CWE-918
High
WordPress Plugin WPCOM Member Malicious Code (1.3.16)
CVE-2024-6297
CWE-506
High
WordPress Plugin Zita Elementor Site Library Arbitrary File Upload (1.6.1)
CVE-2024-37420
CWE-434
High
WordPress Plugin Flipbox Builder PHP Object Injection (1.5)
CVE-2024-6152
CWE-915
High
WordPress Plugin Great Restaurant Menu WP SQL Injection (1.4.1)
CVE-2024-38793
CWE-89
High
WordPress Plugin Grow by Tradedoubler-Advertiser for WooCommerce Local File Inclusion (2.0.21)
CVE-2024-6460
CWE-22
High
WordPress Plugin LearnPress-WordPress LMS Local File Inclusion (4.2.6.8.2)
CVE-2024-6589
CWE-22
High
WordPress Plugin ListingPro Local File Inclusion (2.9.3)
CVE-2024-39619
CWE-22
High
WordPress Plugin ListingPro SQL Injection (2.9.3)
CVE-2024-38795
CWE-89
High
WordPress Plugin MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles Arbitrary File Deletion (1.9.2)
CVE-2024-6885
CWE-73
High
WordPress Plugin Media.net Ads Manager Arbitrary File Upload (2.10.13)
CVE-2024-6431
CWE-434
High
WordPress Plugin News Element Elementor Blog Magazine Local File Inclusion (1.0.5)
CVE-2024-6459
CWE-22
High
WordPress Plugin PowerPack for Beaver Builder Privilege Escalation (2.33.0)
CVE-2024-39633
CWE-269
High
WordPress Plugin PowerPack Pro for Elementor Privilege Escalation (2.10.14)
CVE-2024-39634
CWE-269
High
WordPress Plugin Redux Framework Cross-Site Scripting (4.4.17)
CVE-2024-6828
CWE-79
High
WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Arbitrary File Upload (5.3.14)
CVE-2024-6756
CWE-434
High
WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Cross-Site Scripting (5.3.14)
CVE-2024-6753
CWE-79
High
WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Security Bypass (5.3.14)
CVE-2024-6750
CWE-862
High
WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Security Bypass (4.9.3)
CVE-2024-7027
CWE-863
High
WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Unspecified Vulnerability (4.9.4)
-
-
High