Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

High Severity Vulnerabilities

Found 12675 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
WordPress Plugin My Category Order 'parentID' Parameter SQL Injection (2.8)
CVE-2009-4748
CWE-89
High
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)
CVE-2009-2852
CWE-20
High
WordPress Plugin DM Albums Multiple File Deletion Vulnerabilities (2.1)
-
CWE-22
High
WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2)
-
CWE-287
High
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)
-
CWE-79
High
WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4)
-
CWE-79
High
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)
-
CWE-200
High
WordPress Plugin Trashbin 'mtb_undelete' Parameter Cross-Site Scripting (0.1)
-
CWE-79
High
WordPress Plugin WP-Cumulus 'tagcloud.swf' Cross-Site Scripting (1.22)
CVE-2009-4168
CWE-79
High
WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights 404 Error Page Cross-Site Scripting (3.2.4)
-
CWE-79
High
WordPress Plugin Woopra Analytics Arbitrary File Upload (1.4.3.1)
CVE-2009-4140
CWE-434
High
WordPress Plugin WP-Forum Multiple SQL Injection Vulnerabilities (2.3)
CVE-2009-3703
CWE-89
High
WordPress Plugin WP Events Calendar 'event_id' Parameter SQL Injection (6.5.2)
-
CWE-89
High
WordPress Plugin Copperleaf Photolog 'cplphoto.php' SQL Injection (0.16)
CVE-2010-0673
CWE-89
High
WordPress Plugin Calendar Multiple Cross-Site Scripting Vulnerabilities (1.2.1)
-
CWE-79
High
WordPress Plugin Events Registration with PayPal IPN Multiple SQL Injection Vulnerabilities (2.1.2)
-
CWE-89
High
WordPress Plugin NextGEN Gallery-WordPress Gallery 'xml/media-rss.php' Cross-Site Scripting (1.5.1)
CVE-2010-1186
CWE-79
High
WordPress Plugin Cimy Counter HTTP Response Splitting and Cross-Site Scripting Vulnerabilities (0.9.4)
-
CWE-113
High
WordPress Plugin Events Manager 'events-manager.php' SQL Injection (2.1)
-
CWE-89
High
WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2)
-
CWE-434
High
WordPress Plugin Gigya-Social Infrastructure Cross-Site Scripting (1.1.8)
-
CWE-79
High
WordPress Plugin myLinksDump 'url' Parameter SQL Injection (1.2)
CVE-2010-2924
CWE-89
High
WordPress Plugin Simple:Press 'sf-header-forum.php' SQL Injection (4.3.0)
-
CWE-89
High
WordPress Plugin WP-UserOnline URL HTML Injection (2.62)
-
CWE-79
High
WordPress Plugin NextGEN Smooth Gallery 'galleryID' Parameter SQL Injection (1.2)
-
CWE-89
High
WordPress Plugin Events Manager Extended Multiple HTML Injection Vulnerabilities (3.1.2)
-
CWE-79
High
WordPress Plugin cformsII 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities (13.1)
CVE-2010-3977
CWE-79
High
WordPress Plugin DB Toolkit 'uploadify.php' Arbitrary File Upload (0.1.10)
-
CWE-434
High
WordPress Plugin Event Registration 'event_id' Parameter SQL Injection (5.32)
CVE-2010-4839
CWE-89
High
WordPress Plugin FeedList 'handler_image.php' Cross-Site Scripting (2.61.01)
CVE-2010-4637
CWE-79
High
WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)
-
CWE-22
High
WordPress Plugin Register Plus 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.5.1)
CVE-2010-4402
CWE-79
High
WordPress Plugin SEO Tools 'file' Parameter Directory Traversal (3.1.7)
-
CWE-22
High
WordPress Plugin Vodpod Video Gallery 'gid' Parameter Cross-Site Scripting (3.1.5)
CVE-2010-4875
CWE-79
High
WordPress Plugin WP Survey And Quiz Tool 'action' Parameter Cross-Site Scripting (1.2.1)
CVE-2010-4630
CWE-79
High
WordPress Plugin Accept Signups 'email' Parameter Cross-Site Scripting (0.1)
-
CWE-79
High
WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)
-
CWE-352
High
WordPress Plugin Embedded Video 'lembedded-video.php' Cross-Site Scripting (4.1)
CVE-2010-4277
CWE-79
High
WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)
CVE-2010-4747
CWE-79
High
WordPress Plugin Register Plus Redux 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.6.1)
-
CWE-79
High
WordPress Plugin Twitter Feed:Embedded Timeline 'url' Parameter Cross-Site Scripting (0.3.1)
CVE-2010-4825
CWE-79
High
WordPress Plugin WP Forum Multiple Security Vulnerbilities (1.7.8)
-
CWE-472
High
WordPress Plugin WP Safe Search 'v1' Parameter Cross-Site Scripting (0.7)
CVE-2010-4518
CWE-79
High
WordPress Plugin WPtouch 'wptouch_settings' Parameter Cross-Site Scripting (1.9.20)
CVE-2010-4779
CWE-79
High
WordPress Plugin Audio 'showfile' Parameter Cross-Site Scripting (0.5.1)
-
CWE-79
High
WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)
-
CWE-79
High
WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2)
-
CWE-79
High
WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)
-
CWE-79
High
WordPress Plugin Feature Slideshow 'src' Parameter Cross-Site Scripting (1.0.6beta)
-
CWE-79
High
WordPress Plugin Featured Content 'param' Parameter Cross-Site Scripting (0.0.1)
-
CWE-79
High
WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26)
-
CWE-425
High
WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)
-
CWE-79
High
WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)
-
CWE-89
High
WordPress Plugin Powerhouse Museum Collection Image Grid 'tbpv_username' Parameter Cross-Site Scripting (0.9.1.1)
-
CWE-79
High
WordPress Plugin Recip.ly 'uploadImage.php' Arbitrary File Upload (1.1.7)
-
CWE-434
High
WordPress Plugin RSS Feed Reader 'rss_url' Parameter Cross-Site Scripting (0.1)
CVE-2011-0740
CWE-79
High
WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0)
CVE-2011-0641
CWE-79
High
WordPress Plugin Uploader 'num' Parameter Cross-Site Scripting (1.0.0)
-
CWE-79
High
WordPress Plugin Uploader 'uploadify.php' Arbitrary File Upload (1.0.4)
-
CWE-434
High
WordPress Plugin Videox7 UGC 'listid' Parameter Cross-Site Scripting (2.5.3.2)
-
CWE-79
High
WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0)
-
CWE-79
High
WordPress Plugin WP Publication Archive 'file' Parameter Directory Traversal (2.3)
-
CWE-22
High
WordPress Plugin BackWPup Multiple Local File Include Vulnerabilities (1.5.2)
-
CWE-22
High
WordPress Plugin cdnvote 'cdnvote-post.php' Multiple SQL Injection Vulnerabilities (0.4.1)
CVE-2011-5308
CWE-89
High
WordPress Plugin ComicPress Manager 'lang' Parameter Cross-Site Scripting (1.4.9.9)
-
CWE-79
High
WordPress Plugin Comment Rating 'id' Parameter SQL Injection (2.9.23)
-
CWE-89
High
WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)
-
CWE-434
High
WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)
-
CWE-79
High
WordPress Plugin GigPress 'Notes' Field HTML Injection (2.1.10)
-
CWE-79
High
WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0)
-
CWE-79
High
WordPress Plugin IWantOneButton 'updateAJAX.php' SQL Injection (3.0.1)
-
CWE-89
High
WordPress Plugin jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0)
-
CWE-22
High
WordPress Plugin Local Market Explorer 'api-key' Parameter Cross-Site Scripting (3.1.1)
-
CWE-79
High
WordPress Plugin OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)
-
CWE-22
High
WordPress Plugin PG Flash Gallery Cross-Site Scripting (4.1.1)
-
CWE-79
High