🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ High Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
High Severity Vulnerabilities
Found
13053 vulnerabilities
at
High
severity.
Vulnerability Name
CVE
CWE
Severity
WordPress Plugin FlyingPress Security Bypass (3.9.6)
CVE-2022-4948
CWE-284
High
WordPress Plugin GD Mail Queue Cross-Site Scripting (3.9.3)
CVE-2023-3122
CWE-79
High
WordPress Plugin Lana Email Logger Cross-Site Scripting (1.0.2)
CVE-2023-3166
CWE-79
High
WordPress Plugin Mail Control-Email Customizer, SMTP Deliverability, logging, open and click Tracking Cross-Site Scripting (0.3.1)
CVE-2023-3158
CWE-79
High
WordPress Plugin Mail Queue Cross-Site Scripting (1.1)
CVE-2023-3167
CWE-79
High
WordPress Plugin MailArchiver Cross-Site Scripting (2.10.1)
CVE-2023-3136
CWE-79
High
WordPress Plugin Mailtree Log Mail Cross-Site Scripting (1.0.0)
CVE-2023-3135
CWE-79
High
WordPress Plugin SMTP Mail Cross-Site Scripting (1.3.1)
CVE-2023-3092
CWE-79
High
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.9)
CVE-2023-4040
CWE-862
High
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)
CVE-2023-3162
CWE-639
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Arbitrary File Upload (2.2.4)
CVE-2022-3912
CWE-434
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Cross-Site Scripting (2.3.0)
CVE-2023-23987
CWE-79
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile PHP Object Injection (3.0.1)
CVE-2023-3343
CWE-915
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile PHP Object Injection (2.3.2.1)
CVE-2023-27459
CWE-915
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Security Bypass (2.3.2.1)
CVE-2023-29429
CWE-862
High
WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Scripting (2.4.13)
CVE-2021-36826
CWE-79
High
WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Privilege Escalation (2.6.4)
CVE-2023-3636
CWE-269
High
WordPress Plugin WP Reroute Email Cross-Site Request Forgery (1.4.6)
CVE-2023-27606
CWE-352
High
WordPress Plugin WP Reroute Email Cross-Site Scripting (1.4.9)
CVE-2023-3168
CWE-79
High
WordPress Plugin WP Reroute Email SQL Injection (1.4.6)
CVE-2023-27605
CWE-89
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2.1)
CVE-2022-2372
CWE-79
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2)
CVE-2022-2371
CWE-79
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.4.5)
CVE-2023-3093
CWE-79
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)
CVE-2022-2369
CWE-862
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Cross-Site Request Forgery (4.0.6)
CVE-2023-2087
CWE-352
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Cross-Site Request Forgery (3.8.5)
CVE-2022-47594
CWE-352
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Multiple PHP Object Injection Vulnerabilities (4.2.0)
CVE-2023-4402
CWE-915
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Multiple Security Bypass Vulnerabilities (4.0.6)
CVE-2023-2086
CWE-862
High
WordPress Plugin Essential Blocks Pro Multiple PHP Object Injection Vulnerabilities (1.1.0)
CVE-2023-4402
CWE-915
High
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (2.9.11)
CVE-2023-0631
CWE-89
High
WordPress Plugin Slimstat Analytics Cross-Site Scripting (5.0.8)
CVE-2023-40676
CWE-79
High
WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.9.2)
CVE-2022-4310
CWE-79
High
WordPress Plugin Slimstat Analytics Cross-Site Scripting (5.0.4)
CVE-2022-45366
CWE-79
High
WordPress Plugin Slimstat Analytics Multiple Vulnerabilities (5.0.9)
CVE-2023-4598
CWE-89
High
WordPress Plugin Slimstat Analytics Security Bypass (5.0.5.1)
CVE-2023-33994
CWE-862
High
WordPress Plugin Slimstat Analytics SQL Injection (5.0.4)
CVE-2022-45373
CWE-89
High
WordPress Plugin Slimstat Analytics SQL Injection (4.9.3.3)
-
CWE-89
High
WordPress Plugin Slimstat Analytics SQL Injection (4.9.3.2)
CVE-2023-0630
CWE-89
High
WordPress Plugin Dropbox Folder Share Local File Inclusion (1.9.7)
CVE-2023-4488
CWE-22
High
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)
CVE-2023-3025
CWE-918
High
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (7.8.9)
CVE-2023-4772
CWE-79
High
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Unspecified Vulnerability (2.10.5)
-
-
High
WordPress Plugin Royal Elementor Addons and Templates Arbitrary File Upload (1.3.78)
CVE-2023-5360
CWE-434
High
WordPress Plugin AI ChatBot Arbitrary File Deletion (4.9.2)
CVE-2023-5212
CWE-73
High
WordPress Plugin AI ChatBot Cross-Site Scripting (4.9.6)
CVE-2023-5606
CWE-79
High
WordPress Plugin AI ChatBot Directory Traversal (4.9.2)
CVE-2023-5241
CWE-22
High
WordPress Plugin AI ChatBot Information Disclosure (4.8.9)
CVE-2023-5254
CWE-200
High
WordPress Plugin AI ChatBot SQL Injection (4.8.9)
CVE-2023-5204
CWE-89
High
WordPress Plugin UserPro-Community and User Profile Multiple Cross-Site Request Forgery Vulnerabilities (5.1.0)
CVE-2023-2497
CWE-352
High
WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.1)
CVE-2023-6008
CWE-862
High
WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.4)
CVE-2023-6009
CWE-862
High
WordPress Plugin WP Fastest Cache SQL Injection (1.2.1)
CVE-2023-6063
CWE-89
High
WordPress Plugin Adifier System Multiple Vulnerabilities (3.1.3)
CVE-2023-49753
CWE-89
High
WordPress Plugin Backup Migration Arbitrary File Download (1.3.6)
CVE-2023-6266
CWE-200
High
WordPress Plugin Backup Migration Cross-Site Request Forgery (1.2.9)
-
CWE-352
High
WordPress Plugin Backup Migration Cross-Site Scripting (1.1.5)
CVE-2021-36884
CWE-79
High
WordPress Plugin Backup Migration Information Disclosure (1.3.5)
CVE-2023-6271
CWE-200
High
WordPress Plugin Backup Migration Information Disclosure (1.2.8)
-
CWE-200
High
WordPress Plugin Backup Migration Remote Code Execution (1.3.7)
CVE-2023-6553
CWE-94
High
WordPress Plugin Clone Information Disclosure (2.4.2)
CVE-2023-6750
CWE-200
High
WordPress Plugin Debug Log Manager Cross-Site Request Forgery (2.2.1)
CVE-2023-5772
CWE-352
High
WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)
CVE-2023-6383
CWE-200
High
WordPress Plugin Debug Log Manager Security Bypass (2.2.1)
CVE-2023-6136
CWE-862
High
WordPress Plugin Deeper Comments Security Bypass (2.1.1)
-
CWE-862
High
WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)
CVE-2023-48777
CWE-434
High
WordPress Plugin Elementor Website Builder Multiple Vulnerabilities (3.16.4)
CVE-2023-47505
CWE-862
High
WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)
CVE-2023-6991
CWE-918
High
WordPress Plugin MW WP Form Arbitrary File Upload (5.0.1)
CVE-2023-6316
CWE-434
High
WordPress Plugin MW WP Form Directory Traversal (4.4.2)
CVE-2023-28408
CWE-22
High
WordPress Plugin MW WP Form Security Bypass (4.4.5)
CVE-2023-46206
CWE-862
High
WordPress Plugin Shortcoder-Create Shortcodes for Anything Security Bypass (6.3)
CVE-2023-49849
CWE-862
High
WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.70)
CVE-2022-0163
CWE-862
High
WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.84)
CVE-2023-49856
CWE-862
High
WordPress Plugin Snow Monkey Forms Directory Traversal (5.1.1)
CVE-2023-28413
CWE-22
High
WordPress Plugin Symbiostock-Sell Photos Online For Free! Arbitrary File Upload (6.0.0)
CVE-2023-49814
CWE-434
High
« Previous
1
...
167
168
169
170
171
172
173
174
175
Next »
