🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ High Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
High Severity Vulnerabilities
Found
13231 vulnerabilities
at
High
severity.
Vulnerability Name
CVE
CWE
Severity
WordPress Plugin RegistrationMagic-User Registration with Custom Registration Forms SQL Injection (5.3.1.0)
CVE-2024-1990
CWE-89
High
WordPress Plugin Tablesome-Responsive Table, Woocommerce Automation, Email Log, Form Automation-Contact Form 7, Elementor, WPForms, Forminator Cross-Site Request Forgery (1.0.25)
CVE-2024-31388
CWE-352
High
WordPress Plugin Tablesome-Responsive Table, Woocommerce Automation, Email Log, Form Automation-Contact Form 7, Elementor, WPForms, Forminator Cross-Site Scripting (1.0.27)
CVE-2024-29110
CWE-79
High
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Request Forgery (2.6.1)
CVE-2024-1503
CWE-352
High
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.6.2)
CVE-2024-3994
CWE-79
High
WordPress Plugin Tutor LMS-eLearning and online course solution Insecure Direct Object Reference (2.7.0)
CVE-2024-4279
CWE-639
High
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)
CVE-2024-1502
CWE-862
High
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.7.0)
CVE-2024-4223
CWE-862
High
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.2)
CVE-2024-3553
CWE-862
High
WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.6.1)
CVE-2024-1751
CWE-89
High
WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.7.0)
CVE-2024-4318
CWE-89
High
WordPress Plugin Tutor LMS Elementor Addons Cross-Site Scripting (2.1.3)
CVE-2024-29913
CWE-79
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.8.4)
CVE-2024-2765
CWE-79
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.8.3)
CVE-2024-2123
CWE-79
High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership SQL Injection (2.8.2)
CVE-2024-1071
CWE-89
High
WordPress Plugin User Registration-Custom Registration Form, Login Form, and User Profile Privilege Escalation (3.1.5)
CVE-2024-2417
CWE-269
High
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Security Bypass (3.10.15)
CVE-2024-3750
CWE-862
High
WordPress Plugin Web Application Firewall-website security Privilege Escalation (2.1.1)
CVE-2024-2172
CWE-269
High
WordPress Plugin Web Application Firewall-website security Unspecified Vulnerability (2.1.2)
-
-
High
WordPress Plugin WordPress Automatic SQL Injection (3.92.0)
CVE-2024-27956
CWE-89
High
WordPress Plugin WP Activity Log Premium SQL Injection (4.6.4)
CVE-2024-2018
CWE-89
High
WordPress Plugin WP Datepicker Security Bypass (2.1.0)
CVE-2024-3895
CWE-862
High
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.4.9.2)
CVE-2024-1852
CWE-79
High
WordPress Plugin WP Poll Maker-Best WordPress Poll for Voting Contest Arbitrary File Upload (3.4)
CVE-2024-32514
CWE-434
High
WordPress Plugin Yoast SEO Cross-Site Scripting (20.2)
-
CWE-79
High
WordPress Plugin Yoast SEO Cross-Site Scripting (22.5)
CVE-2024-4041
CWE-79
High
WordPress Plugin Yoast SEO Cross-Site Scripting (22.6)
CVE-2024-4984
CWE-79
High
WordPress Plugin Yoast SEO Cross-Site Scripting (21.0)
CVE-2023-40680
CWE-79
High
WordPress Plugin 10Web AI Assistant-AI content writing assistant Security Bypass (1.0.18)
CVE-2023-6985
CWE-862
High
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Information Disclosure (1.9.25)
CVE-2024-35171
CWE-200
High
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Multiple Security Bypass Vulnerabilities (1.9.16)
CVE-2024-33912
CWE-862
High
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Privilege Escalation (1.9.19)
CVE-2024-1505
CWE-269
High
WordPress Plugin Ad Invalid Click Protector (AICP) Malicious Code (1.2.9)
CVE-2024-6297
CWE-506
High
WordPress Plugin AliExpress Dropshipping with AliNext Lite Cross-Site Request Forgery (3.3.5)
CVE-2024-37212
CWE-352
High
WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.2)
CVE-2024-4611
CWE-287
High
WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.0)
CVE-2024-32776
CWE-862
High
WordPress Plugin BLAZE Retail Widget Malicious Code (2.5.2)
CVE-2024-6297
CWE-506
High
WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)
CVE-2024-35746
CWE-434
High
WordPress Plugin Checkout Field Editor for WooCommerce (Pro) Arbitrary File Deletion (3.6.2)
CVE-2024-35658
CWE-73
High
WordPress Plugin Consulting Elementor Widgets Local File Inclusion (1.3.0)
CVE-2024-37089
CWE-22
High
WordPress Plugin Consulting Elementor Widgets SQL Injection (1.3.0)
CVE-2024-37090
CWE-89
High
WordPress Plugin Contact Form 7 Multi-Step Addon Malicious Code (1.0.5)
CVE-2024-6297
CWE-506
High
WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.2)
CVE-2024-35678
CWE-89
High
WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.0)
CVE-2023-29096
CWE-89
High
WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.1)
CVE-2023-36508
CWE-89
High
WordPress Plugin Content Blocks (Custom Post Widget) Local File Inclusion (3.3.0)
CVE-2024-3564
CWE-22
High
WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22)
CVE-2023-6700
CWE-862
High
WordPress Plugin Country State City Dropdown CF7 Security Bypass (2.7.1)
CVE-2024-3520
CWE-862
High
WordPress Plugin Country State City Dropdown CF7 SQL Injection (2.7.2)
CVE-2024-3495
CWE-89
High
WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2)
CVE-2024-35629
CWE-98
High
WordPress Plugin Elements For Elementor Local File Inclusion (2.1)
CVE-2024-5348
CWE-22
High
WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.20)
CVE-2024-4295
CWE-89
High
WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.23)
CVE-2024-5756
CWE-89
High
WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.22)
CVE-2024-4845
CWE-89
High
WordPress Plugin File Manager Pro Arbitrary File Upload (8.3.4)
CVE-2023-6846
CWE-434
High
WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (2.0.3)
CVE-2024-35750
CWE-89
High
WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block Cross-Site Scripting (2.5.18)
CVE-2023-6485
CWE-79
High
WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.26)
CVE-2024-5522
CWE-89
High
WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.24)
CVE-2024-1061
CWE-89
High
WordPress Plugin Image Optimizer, Resizer and CDN-Sirv Arbitrary File Upload (7.2.6)
CVE-2024-5853
CWE-434
High
WordPress Plugin Insert or Embed Articulate Content into WordPress Arbitrary File Upload (4.3000000023)
CVE-2024-0757
CWE-434
High
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.22)
CVE-2024-2667
CWE-434
High
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)
CVE-2024-37228
CWE-434
High
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.38)
CVE-2024-4898
CWE-862
High
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.8)
CVE-2024-22145
CWE-862
High
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.24)
CVE-2024-32701
CWE-862
High
WordPress Plugin Lifeline Donation Security Bypass (1.2.6)
CVE-2024-5432
CWE-287
High
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes SQL Injection (7.6.2)
CVE-2024-4743
CWE-89
High
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Security Bypass (2.7.2)
CVE-2024-5324
CWE-862
High
WordPress Plugin Login with phone number Security Bypass (1.7.26)
CVE-2024-5150
CWE-287
High
WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)
CVE-2024-32523
CWE-22
High
WordPress Plugin MW WP Form Arbitrary File Deletion (5.0.3)
CVE-2023-6559
CWE-73
High
WordPress Plugin MW WP Form Cross-Site Scripting (5.0.6)
CVE-2024-24804
CWE-79
High
WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Cross-Site Request Forgery (2.18.1)
CVE-2024-32104
CWE-352
High
WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Security Bypass (2.17.0)
CVE-2024-25092
CWE-862
High
« Previous
1
...
171
172
173
174
175
176
177
Next »