SSRF
This page lists 85 vulnerabilities in this category.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| ChatGPT-Next-Web SSRF (CVE-2023-49785) | CVE-2023-49785 | CWE-918 | Critical |
| Apache OFBiz SSRF (CVE-2024-45507) | CVE-2024-45507 | CWE-918 | Critical |
| TorchServe Management API SSRF (CVE-2023-43654) | CVE-2023-43654 | CWE-918 | Critical |
| Server-Side Request Forgery (Cloud Metadata) | - | CWE-918 | Critical |
| Server-Side Request Forgery | - | CWE-918 | Critical |
| WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0) | - | CWE-918 | High |
| WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5) | CVE-2019-11565 | CWE-918 | High |
| WordPress Plugin Essential Addons for Elementor Server-Side Request Forgery (2.9.8) | - | CWE-918 | High |
| WordPress Plugin Google Forms Server-Side Request Forgery (0.91) | - | CWE-918 | High |
| WordPress Plugin Nelio AB Testing Server-Side Request Forgery (4.5.10) | - | CWE-918 | High |
| WordPress Plugin jRSS Widget Server-Side Request Forgery (1.2) | CVE-2014-9292 | CWE-918 | High |
| WordPress Plugin Flog Server-Side Request Forgery (1.0beta3) | - | CWE-918 | High |
| Unvalidated JWT jku parameter | - | CWE-287 | High |
| WordPress Server-Side Request Forgery (3.7 - 6.1.1) | CVE-2022-3590 | CWE-918 | High |
| Unvalidated JWT x5u parameter | - | CWE-287 | High |
| Server-Side Request Forgery (localhost) | - | CWE-918 | High |
| LLM Server-Side Request Forgery (SSRF) | - | CWE-918 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| WordPress Plugin W3 Total Cache Server-Side Request Forgery (0.9.7.3) | - | CWE-918 | High |
| Edge Side Include injection | - | CWE-918 | High |
| WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31) | CVE-2021-24150 | CWE-918 | High |
| WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15) | CVE-2022-45835 | CWE-918 | High |
| WordPress Plugin Import XML and RSS Feeds Server-Side Request Forgery (2.0.2) | CVE-2020-24148 | CWE-918 | High |
| WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Server-Side Request Forgery (3.4.3) | CVE-2024-4469 | CWE-918 | High |
| WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1) | CVE-2024-5021 | CWE-918 | High |
| WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Server-Side Request Forgery (4.4.7) | CVE-2023-6805 | CWE-918 | High |
| WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5) | CVE-2023-6294 | CWE-918 | High |
| WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0) | CVE-2023-6991 | CWE-918 | High |
| WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7) | CVE-2023-3025 | CWE-918 | High |
| WordPress Plugin WP Smart Import: Import any XML File to WordPress Server-Side Request Forgery (1.0.0) | CVE-2020-24147 | CWE-918 | High |
| WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1) | - | CWE-918 | High |
| WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0) | CVE-2022-3708 | CWE-918 | High |
| WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2) | CVE-2022-1977 | CWE-918 | High |
| WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95) | CVE-2022-36376 | CWE-918 | High |
| WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Server-Side Request Forgery (2.1.6) | CVE-2022-2352 | CWE-918 | High |
| WordPress Plugin Craw Data Server-Side Request Forgery (1.0.0) | CVE-2022-2912 | CWE-918 | High |
| WordPress Plugin Telefication Server-Side Request Forgery (1.8.0) | CVE-2021-39339 | CWE-918 | High |
| WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2) | CVE-2021-24371 | CWE-918 | High |
| WordPress Plugin Mapplic Lite Server-Side Request Forgery (1.0) | - | CWE-918 | High |
| WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0) | CVE-2020-28978 | CWE-918 | High |
| SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) | CVE-2024-21893 | CWE-918 | High |
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 | CVE-2019-2616 | CWE-611 | High |
| Openfire Admin Console Full Read SSRF | CVE-2019-18394 | CWE-918 | High |
| Grafana avatar SSRF | CVE-2020-13379 | CWE-78 | High |
| Oracle E-Business Suite SSRF (CVE-2017-10246) | CVE-2017-10246 | CWE-918 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2888) | CVE-2019-2888 | CWE-611 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2647) | CVE-2019-2647 | CWE-611 | High |
| SAP NetWeaver ipcpricing server side request forgery | - | CWE-918 | High |
| Jira Unauthorized SSRF via REST API | CVE-2019-8451 | CWE-918 | High |
| Zimbra Collaboration Suite SSRF (CVE-2020-7796) | CVE-2020-7796 | CWE-918 | High |
| Reverse proxy misrouting | - | CWE-918 | High |
| Paperclip gem SSRF (Server side request forgery) | CVE-2017-0889 | CWE-918 | High |
| Auxiliary systems SSRF | - | CWE-918 | High |
| Atlassian OAuth Plugin IconUriServlet SSRF | CVE-2017-9506 | CWE-918 | High |
| Ext JS arbitrary file read | - | CWE-22 | High |
| WebLogic Server Side Request Forgery | CVE-2014-4242 | CWE-918 | High |
| VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability | CVE-2021-21975 | CWE-918 | High |
| WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Server-Side Request Forgery (2.2.23) | CVE-2024-1855 | CWE-918 | High |
| VMware vCenter vcavbootstrap Arbitrary File Read | - | - | High |
| Cloud metadata publicly exposed | - | CWE-918 | High |
| SAML Consumer Service XSLT injection | - | CWE-91 | High |
| SSRF in Server-Side Rendering | - | CWE-918 | High |
| HTTP/2 pseudo-header server side request forgery | - | CWE-918 | High |
| SAP NW DI SSRF vulnerability (CVE-2021-33690) | CVE-2021-33690 | CWE-918 | High |
| Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability | CVE-2021-26855 | CWE-918 | High |
| SSRF via logo_uri in MITREid Connect | CVE-2021-26715 | CWE-918 | High |
| Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | High |
| Appwrite favicon SSRF (CVE-2023-27159) | CVE-2023-27159 | CWE-918 | High |
| SAML Consumer Service External Dereference SSRF | - | CWE-918 | Medium |
| imgproxy SSRF (CVE-2023-30019) | CVE-2023-30019 | CWE-918 | Medium |
| Liferay XMLRPC Blind SSRF | - | CWE-918 | Medium |
| Next.js image Blind SSRF | - | CWE-918 | Medium |