Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

High Severity Vulnerabilities

Found 12675 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0)
-
CWE-79
High
WordPress Plugin LiveGrounds 'uid' Parameter Cross-Site Scripting (0.42)
-
CWE-79
High
WordPress Plugin MAC PHOTO GALLERY 'macalbajax.php' Multiple Cross-Site Scripting Vulnerabilities (2.10)
-
CWE-79
High
WordPress Plugin MoodThingy Mood Rating Widget 'postID' Parameter Blind SQL Injection (0.8.7)
-
CWE-89
High
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)
-
CWE-538
High
WordPress Plugin PHPFreeChat 'url' Parameter Cross-Site Scripting (0.2.8)
-
CWE-79
High
WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)
-
CWE-94
High
WordPress Plugin Quick Post Widget Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.9.1)
CVE-2012-4226
CWE-352
High
WordPress Plugin Quotes Collection Cross-Site Request Forgery (1.5.5.1)
-
CWE-352
High
WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.1)
-
CWE-434
High
WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11)
-
CWE-79
High
WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)
-
CWE-89
High
WordPress Plugin SocialFit 'msg' Parameter Cross-Site Scripting (1.2.2)
-
CWE-79
High
WordPress Plugin WP-Predict 'predictId' Parameter Blind SQL Injection (1.0)
-
CWE-89
High
WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)
-
CWE-79
High
WordPress Plugin WP Symposium A Social Network For WordPress Multiple Cross-Site Scripting Vulnerabilities (12.07.07)
-
CWE-79
High
WordPress Plugin WP Symposium A Social Network For WordPress Multiple SQL Injection Vulnerabilities (12.06.16)
-
CWE-89
High
WordPress Plugin Zingiri Web Shop 'abspath' Parameter Remote File Include (2.4.6)
-
CWE-94
High
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
-
CWE-22
High
WordPress Plugin Count per Day 'notes.php' Cross-Site Scripting (3.2.3)
-
CWE-79
High
WordPress Plugin Count per Day Search Bar Cross-Site Scripting (3.2.2)
-
CWE-79
High
WordPress Plugin Download Monitor 'dlsearch' Parameter Cross-Site Scripting (3.3.5.8)
CVE-2012-4768
CWE-79
High
WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)
-
CWE-89
High
WordPress Plugin HD Webplayer Multiple SQL Injection Vulnerabilities (1.1)
-
CWE-89
High
WordPress Plugin Mini Mail Dashboard Widget Cross-Site Scripting (1.42)
CVE-2012-2583
CWE-79
High
WordPress Plugin Mz-jajak 'id' Parameter SQL Injection (2.1)
-
CWE-89
High
WordPress Plugin Postie 'From' Field Cross-Site Scripting (1.4.3)
CVE-2012-2580
CWE-79
High
WordPress Plugin RSVPMaker Cross-Site Scripting (2.5.4)
-
CWE-79
High
WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)
CVE-2012-2572
CWE-79
High
WordPress Plugin WP Lead Management Cross-Site Scripting (3.0.0)
-
CWE-79
High
WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6)
CVE-2012-2579
CWE-79
High
WordPress Plugin Zingiri Web Shop Cookie Multiple SQL Injection Vulnerabilities (2.4.7)
-
CWE-89
High
WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)
-
CWE-79
High
WordPress Plugin AdRotate-Ad manager & AdSense Ads 'title' Parameter Multiple Cross-Site Scripting Vulnerabilities (3.7.3.5)
-
CWE-79
High
WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1)
-
CWE-79
High
WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Cross-Site Scripting Vulnerabilities (4.2.4)
-
CWE-79
High
WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Cross-Site Scripting Vulnerabilities (3.4.3)
-
CWE-79
High
WordPress Plugin MF Gig Calendar 'page_id' Parameter Cross-Site Scripting (0.9.4.1)
CVE-2012-4242
CWE-79
High
WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)
-
CWE-79
High
WordPress Plugin Notices Ticker Cross-Site Request Forgery (5.0)
-
CWE-352
High
WordPress Plugin Sexy Add Template Cross-Site Request Forgery (1.0)
-
CWE-352
High
WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9)
-
CWE-434
High
WordPress Plugin Token Manager 'tid' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.0.2)
-
CWE-79
High
WordPress Plugin WP-TopBar Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (4.02)
-
CWE-352
High
WordPress Plugin A/B Test 'action' Parameter Directory Traversal (1.0.6)
-
CWE-22
High
WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)
CVE-2012-5853
CWE-89
High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)
-
CWE-22
High
WordPress Plugin Crayon Syntax Highlighter 'wp_load' Parameter Remote File Include (1.12.1)
-
CWE-94
High
WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)
-
CWE-89
High
WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)
-
CWE-89
High
WordPress Plugin FoxyPress Multiple Vulnerabilities (0.4.2.5)
-
CWE-434
High
WordPress Plugin Gallery-Flagallery Photo Portfolio Multiple Vulnerabilities (2.00)
-
CWE-94
High
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)
-
CWE-200
High
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
-
CWE-200
High
WordPress Plugin Spider Calendar Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.1)
-
CWE-89
High
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)
-
CWE-95
High
WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5)
CVE-2012-5388
CWE-352
High
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.3.5)
-
CWE-79
High
WordPress Plugin Advanced Custom Fields (ACF) 'acf_abspath' Parameter Remote File Include (3.5.1)
-
CWE-94
High
WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1)
CVE-2012-6653
CWE-89
High
WordPress Plugin Carousel slideshow 'swfupload.swf' Cross-Site Scripting (3.10)
CVE-2012-3414
CWE-79
High
WordPress Plugin FB Survey Pro 'id' Parameter SQL Injection (1.0)
-
CWE-89
High
WordPress Plugin Hitasoft FLV Player 'id' Parameter SQL Injection (1.1)
-
CWE-89
High
WordPress Plugin MailPoet Newsletters (Previous) 'swfupload.swf' Cross-Site Scripting (2.1.6)
CVE-2012-3414
CWE-79
High
WordPress Plugin NextGEN Gallery-WordPress Gallery 'swfupload.swf' Cross-Site Scripting (1.9.7)
CVE-2012-3414
CWE-79
High
WordPress Plugin Simple Slider 'New Image' Field Cross-Site Scripting (1.0)
-
CWE-79
High
WordPress Plugin SpiderCatalog 's_p_c_t' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.1)
-
CWE-79
High
WordPress Plugin Ultimate TinyMCE 'swfupload.swf' Cross-Site Scripting (3.5)
CVE-2012-3414
CWE-79
High
WordPress Plugin Video Lead Form 'errMsg' Parameter Cross-Site Scripting (0.5)
CVE-2012-6312
CWE-79
High
WordPress Plugin WP eCommerce Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (3.8.9)
-
CWE-89
High
WordPress Plugin Portable phpMyAdmin Authentication Bypass (1.3.0)
CVE-2012-5469
CWE-264
High
WordPress Plugin ReFlex Gallery 'php.php' Arbitrary File Upload (1.4.6)
-
CWE-434
High
WordPress Plugin RocketTheme RokBox Multiple Vulnerabilities (2.13)
-
CWE-434
High
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)
CVE-2012-6313
CWE-200
High
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)
-
CWE-200
High