🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Missing Update
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Missing Update
This page lists
23101 vulnerabilities
in this category.
Critical: 1474
High: 12458
Medium: 8395
Low: 770
Information: 4
Vulnerability Name
CVE
CWE
Severity
WordPress Plugin Autoptimize Multiple Vulnerabilities (2.1.0)
-
CWE-79
High
WordPress Plugin YouTube Embed Cross-Site Scripting (5.0.1)
-
CWE-79
High
WordPress Plugin Easy PayPal Buy Now Button Multiple Vulnerabilities (1.7.2)
-
CWE-352
High
Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-18113)
CVE-2017-18113
CWE-94
High
WordPress Plugin WP Statistics Cross-Site Scripting (12.0.5)
-
CWE-79
High
WordPress Plugin WP Session Manager SQL Injection (1.2.1)
-
CWE-89
High
Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2017-18214)
CVE-2017-18214
CWE-400
High
WordPress Plugin WP Post to PDF Enhanced Cross-Site Scripting (1.0.5)
-
CWE-79
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-18260)
CVE-2017-18260
CWE-138
High
WordPress Plugin WP No External Links Cross-Site Scripting (3.5.18)
CVE-2017-15863
CWE-79
High
Ampache Deserialization of Untrusted Data Vulnerability (CVE-2017-18375)
CVE-2017-18375
CWE-502
High
WordPress Plugin WP Htaccess Editor Unspecified Vulnerability (1.0.1)
-
-
High
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-1103)
CVE-2017-1103
CWE-611
High
WordPress Plugin Easy Custom Sidebars Unspecified Vulnerability (1.0.1)
-
-
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17920)
CVE-2017-17920
CWE-138
High
Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-16877)
CVE-2017-16877
CWE-22
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)
CVE-2017-17774
CWE-352
High
WordPress Plugin PayPal Shopping Cart Multiple Vulnerabilities (1.1.9)
-
CWE-352
High
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
CVE-2017-17091
CWE-330
High
WordPress Plugin PayPal Digital Downloads Cross-Site Request Forgery (1.4)
-
CWE-352
High
WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.6.2)
-
CWE-434
High
WordPress Plugin Multi Feed Reader SQL Injection (2.2.3)
CVE-2017-2195
CWE-89
High
WordPress Plugin Multi Feed Reader Multiple Vulnerabilities (2.2.4)
-
CWE-352
High
Ruby Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2017-17405)
CVE-2017-17405
CWE-138
High
WordPress Plugin Memphis Documents Library Multiple Unspecified Vulnerabilities (3.6.21)
-
-
High
Python Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-17522)
CVE-2017-17522
CWE-138
High
WordPress Plugin Hide Featured Image Unspecified Vulnerability (1.1)
-
-
High
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)
CVE-2017-5223
CWE-200
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17919)
CVE-2017-17919
CWE-138
High
WordPress Plugin Facebook-this Spam Links Injection (2.5)
-
CWE-610
High
WordPress Plugin Facebook Members Cross-Site Scripting (7.0)
-
CWE-79
High
WordPress Plugin Event List SQL Injection (0.7.8)
CVE-2017-9429
CWE-89
High
WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.0.93)
CVE-2017-2224
CWE-79
High
WordPress Plugin EELV Newsletter Multiple Vulnerabilities (4.6)
-
CWE-352
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17827)
CVE-2017-17827
CWE-352
High
WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)
-
CWE-352
High
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)
CVE-2017-17898
CWE-200
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17916)
CVE-2017-17916
CWE-138
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17917)
CVE-2017-17917
CWE-138
High
WordPress Plugin Booking Calendar Directory Traversal (7.0)
CVE-2017-2150
CWE-22
High
WordPress Plugin Booking Calendar Contact Form Cross-Site Scripting (1.0.24)
-
CWE-79
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14508)
CVE-2017-14508
CWE-138
High
PHP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2017-7963)
CVE-2017-7963
CWE-770
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-7659)
CVE-2017-7659
CWE-476
High
Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2017-7668)
CVE-2017-7668
CWE-125
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-7671)
CVE-2017-7671
CWE-20
High
WordPress Plugin Google Sitemap by BestWebSoft Cross-Site Scripting (3.0.7)
CVE-2017-2171
CWE-79
High
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-7675)
CVE-2017-7675
CWE-22
High
WordPress Plugin Google Shortlink by BestWebSoft Cross-Site Scripting (1.5.2)
CVE-2017-2171
CWE-79
High
WordPress Plugin Google Maps by BestWebSoft Cross-Site Scripting (1.3.5)
CVE-2017-18557
CWE-79
High
WordPress Plugin Google Doc Embedder Multiple Vulnerabilities (2.6.1)
-
CWE-352
High
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.27)
CVE-2017-2171
CWE-79
High
WordPress Plugin Google Analytics by BestWebSoft Cross-Site Scripting (1.7.0)
CVE-2017-18556
CWE-79
High
WordPress Plugin Htaccess by BestWebSoft Cross-Site Scripting (1.7.5)
CVE-2017-18496
CWE-79
High
WordPress Plugin Google AdSense by BestWebSoft Cross-Site Scripting (1.43)
CVE-2017-18487
CWE-79
High
WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.3.3)
CVE-2017-2171
CWE-79
High
WordPress Plugin GlotPress Information Disclosure (2.2.1)
-
CWE-200
High
WordPress Plugin Gallery-Video Gallery and Youtube Gallery SQL Injection (2.0.9)
-
CWE-89
High
WordPress Plugin Gallery Categories by BestWebSoft Cross-Site Scripting (1.0.8)
CVE-2017-2171
CWE-79
High
WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.4.9)
CVE-2017-2171
CWE-79
High
WordPress Plugin Featured Posts by BestWebSoft Cross-Site Scripting (1.0.0)
CVE-2017-2171
CWE-79
High
WordPress Plugin Facebook Button by BestWebSoft Cross-Site Scripting (2.53)
CVE-2017-2171
CWE-79
High
WordPress Plugin Export any WordPress data to XML/CSV Arbitrary File Upload (0.9)
-
CWE-434
High
WordPress Plugin Error Log Viewer by BestWebSoft Cross-Site Scripting (1.0.5)
CVE-2017-18562
CWE-79
High
Jetty CVE-2017-7656 Vulnerability (CVE-2017-7656)
CVE-2017-7656
-
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7566)
CVE-2017-7566
CWE-918
High
WordPress Plugin Email Queue by BestWebSoft Cross-Site Scripting (1.1.1)
CVE-2017-2171
CWE-79
High
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)
-
CWE-94
High
WordPress Plugin MailChimp Forms by MailMunch Unspecified Vulnerability (2.0.6.3)
-
-
High
WordPress Plugin Login With Ajax Cross-Site Scripting (3.1.6)
-
CWE-79
High
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)
CVE-2017-7272
CWE-918
High
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290)
CVE-2017-7290
CWE-138
High
WordPress Plugin LinkedIn by BestWebSoft Cross-Site Scripting (1.0.4)
CVE-2017-18516
CWE-79
High
WordPress Plugin Limit Attempts by BestWebSoft Cross-Site Scripting (1.1.7)
CVE-2017-2171
CWE-79
High
MODX Improper Certificate Validation Vulnerability (CVE-2017-7322)
CVE-2017-7322
CWE-295
High
«
1
...
155
156
157
...
309
»
