🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ High Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
High Severity Vulnerabilities
Found
13231 vulnerabilities
at
High
severity.
Vulnerability Name
CVE
CWE
Severity
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)
CVE-2023-2834
CWE-287
High
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Unspecified Vulnerability (2.3.8)
-
-
High
WordPress Plugin LearnDash LMS Insecure Direct Object Reference (4.6.0)
CVE-2023-3105
CWE-639
High
WordPress Plugin LearnDash LMS SQL Injection (4.5.3)
CVE-2023-28777
CWE-89
High
WordPress Plugin Mail logging-WP Mail Catcher Cross-Site Scripting (2.1.2)
CVE-2023-3080
CWE-79
High
WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.5.7)
CVE-2023-3082
CWE-79
High
WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Multiple Cross-Site Request Forgery Vulnerabilities (2.5.6)
CVE-2023-3179
CWE-352
High
WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce CSV Injection (1.6.7)
CVE-2022-46809
CWE-1236
High
WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce Privilege Escalation (1.6.13)
CVE-2023-2833
CWE-269
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.6.6)
CVE-2023-3460
CWE-269
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Arbitrary File Upload (3.0.2)
CVE-2023-3342
CWE-434
High
WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Cross-Site Request Forgery (2.9.10)
CVE-2022-4941
CWE-352
High
WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Insecure Direct Object Reference (2.10.7)
CVE-2023-2276
CWE-639
High
WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Privilege Escalation (2.10.0)
CVE-2022-4939
CWE-269
High
WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Bypass (7.6.4)
CVE-2023-2982
CWE-287
High
WordPress Plugin WP Mail Log Cross-Site Request Forgery (1.0.1)
CVE-2022-45807
CWE-352
High
WordPress Plugin WP Mail Log Cross-Site Scripting (1.1.1)
CVE-2023-3088
CWE-79
High
WordPress Plugin WP Mail Logging Cross-Site Scripting (1.11.1)
CVE-2023-3081
CWE-79
High
WordPress Plugin WP Mail Logging Security Bypass (1.9.9)
CVE-2021-38314
CWE-284
High
WordPress Plugin WP Mail Logging Security Bypass (1.11.2)
-
CWE-862
High
WordPress Plugin WP User Switch Security Bypass (1.0.2)
CVE-2023-2546
CWE-287
High
WordPress Plugin wpForo Forum Cross-Site Scripting (2.1.8)
CVE-2023-2309
CWE-79
High
WordPress Plugin wpForo Forum Multiple Vulnerabilities (2.1.7)
CVE-2023-2249
CWE-918
High
WordPress Plugin B2BKing-Ultimate WooCommerce Wholesale and B2B Solution-Wholesale Order Form, Catalog Mode, Dynamic Pricing & More Security Bypass (4.6.00)
CVE-2023-3126
CWE-862
High
WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Cross-Site Scripting (1.7.0.10)
CVE-2022-47441
CWE-79
High
WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Privilege Escalation (1.7.0.12)
CVE-2023-4404
CWE-269
High
WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.2.2)
CVE-2023-0219
CWE-79
High
WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.2.4)
CVE-2023-3087
CWE-79
High
WordPress Plugin FlyingPress Security Bypass (3.9.6)
CVE-2022-4948
CWE-284
High
WordPress Plugin GD Mail Queue Cross-Site Scripting (3.9.3)
CVE-2023-3122
CWE-79
High
WordPress Plugin Lana Email Logger Cross-Site Scripting (1.0.2)
CVE-2023-3166
CWE-79
High
WordPress Plugin Mail Control-Email Customizer, SMTP Deliverability, logging, open and click Tracking Cross-Site Scripting (0.3.1)
CVE-2023-3158
CWE-79
High
WordPress Plugin Mail Queue Cross-Site Scripting (1.1)
CVE-2023-3167
CWE-79
High
WordPress Plugin MailArchiver Cross-Site Scripting (2.10.1)
CVE-2023-3136
CWE-79
High
WordPress Plugin Mailtree Log Mail Cross-Site Scripting (1.0.0)
CVE-2023-3135
CWE-79
High
WordPress Plugin SMTP Mail Cross-Site Scripting (1.3.1)
CVE-2023-3092
CWE-79
High
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.9)
CVE-2023-4040
CWE-862
High
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)
CVE-2023-3162
CWE-639
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Arbitrary File Upload (2.2.4)
CVE-2022-3912
CWE-434
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Cross-Site Scripting (2.3.0)
CVE-2023-23987
CWE-79
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile PHP Object Injection (3.0.1)
CVE-2023-3343
CWE-915
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile PHP Object Injection (2.3.2.1)
CVE-2023-27459
CWE-915
High
WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Security Bypass (2.3.2.1)
CVE-2023-29429
CWE-862
High
WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Scripting (2.4.13)
CVE-2021-36826
CWE-79
High
WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Privilege Escalation (2.6.4)
CVE-2023-3636
CWE-269
High
WordPress Plugin WP Reroute Email Cross-Site Request Forgery (1.4.6)
CVE-2023-27606
CWE-352
High
WordPress Plugin WP Reroute Email Cross-Site Scripting (1.4.9)
CVE-2023-3168
CWE-79
High
WordPress Plugin WP Reroute Email SQL Injection (1.4.6)
CVE-2023-27605
CWE-89
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2.1)
CVE-2022-2372
CWE-79
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2)
CVE-2022-2371
CWE-79
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.4.5)
CVE-2023-3093
CWE-79
High
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)
CVE-2022-2369
CWE-862
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Cross-Site Request Forgery (4.0.6)
CVE-2023-2087
CWE-352
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Cross-Site Request Forgery (3.8.5)
CVE-2022-47594
CWE-352
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Multiple PHP Object Injection Vulnerabilities (4.2.0)
CVE-2023-4402
CWE-915
High
WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Multiple Security Bypass Vulnerabilities (4.0.6)
CVE-2023-2086
CWE-862
High
WordPress Plugin Essential Blocks Pro Multiple PHP Object Injection Vulnerabilities (1.1.0)
CVE-2023-4402
CWE-915
High
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (2.9.11)
CVE-2023-0631
CWE-89
High
WordPress Plugin Slimstat Analytics Cross-Site Scripting (5.0.8)
CVE-2023-40676
CWE-79
High
WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.9.2)
CVE-2022-4310
CWE-79
High
WordPress Plugin Slimstat Analytics Cross-Site Scripting (5.0.4)
CVE-2022-45366
CWE-79
High
WordPress Plugin Slimstat Analytics Multiple Vulnerabilities (5.0.9)
CVE-2023-4598
CWE-89
High
WordPress Plugin Slimstat Analytics Security Bypass (5.0.5.1)
CVE-2023-33994
CWE-862
High
WordPress Plugin Slimstat Analytics SQL Injection (5.0.4)
CVE-2022-45373
CWE-89
High
WordPress Plugin Slimstat Analytics SQL Injection (4.9.3.3)
-
CWE-89
High
WordPress Plugin Slimstat Analytics SQL Injection (4.9.3.2)
CVE-2023-0630
CWE-89
High
WordPress Plugin Dropbox Folder Share Local File Inclusion (1.9.7)
CVE-2023-4488
CWE-22
High
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)
CVE-2023-3025
CWE-918
High
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (7.8.9)
CVE-2023-4772
CWE-79
High
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Unspecified Vulnerability (2.10.5)
-
-
High
WordPress Plugin Royal Elementor Addons and Templates Arbitrary File Upload (1.3.78)
CVE-2023-5360
CWE-434
High
WordPress Plugin AI ChatBot Arbitrary File Deletion (4.9.2)
CVE-2023-5212
CWE-73
High
WordPress Plugin AI ChatBot Cross-Site Scripting (4.9.6)
CVE-2023-5606
CWE-79
High
WordPress Plugin AI ChatBot Directory Traversal (4.9.2)
CVE-2023-5241
CWE-22
High
WordPress Plugin AI ChatBot Information Disclosure (4.8.9)
CVE-2023-5254
CWE-200
High
« Previous
1
...
169
170
171
172
173
174
175
176
177
Next »