v.26.3.2229
SSRF
This page lists 86 vulnerabilities in this category.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache OFBiz SSRF (CVE-2024-45507) | CVE-2024-45507 | CWE-918 | Critical |
| ChatGPT-Next-Web SSRF (CVE-2023-49785) | CVE-2023-49785 | CWE-918 | Critical |
| TorchServe Management API SSRF (CVE-2023-43654) | CVE-2023-43654 | CWE-918 | Critical |
| Oracle E-Business Suite SSRF (CVE-2025-61882) | CVE-2025-61882 | CWE-918 | Critical |
| Server-Side Request Forgery (Cloud Metadata) | - | CWE-918 | Critical |
| Server-Side Request Forgery | - | CWE-918 | Critical |
| WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0) | - | CWE-918 | High |
| WordPress Plugin Essential Addons for Elementor Server-Side Request Forgery (2.9.8) | - | CWE-918 | High |
| WordPress Plugin Google Forms Server-Side Request Forgery (0.91) | - | CWE-918 | High |
| WordPress Plugin Nelio AB Testing Server-Side Request Forgery (4.5.10) | - | CWE-918 | High |
| WordPress Plugin jRSS Widget Server-Side Request Forgery (1.2) | CVE-2014-9292 | CWE-918 | High |
| WordPress Plugin Flog Server-Side Request Forgery (1.0beta3) | - | CWE-918 | High |
| Server-Side Request Forgery (localhost) | - | CWE-918 | High |
| WordPress Server-Side Request Forgery (3.7 - 6.1.1) | CVE-2022-3590 | CWE-918 | High |
| Unvalidated JWT x5u parameter | - | CWE-287 | High |
| Unvalidated JWT jku parameter | - | CWE-287 | High |
| LLM Server-Side Request Forgery (SSRF) | - | CWE-918 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5) | CVE-2019-11565 | CWE-918 | High |
| Edge Side Include injection | - | CWE-918 | High |
| WordPress Plugin W3 Total Cache Server-Side Request Forgery (0.9.7.3) | - | CWE-918 | High |
| WordPress Plugin WP Smart Import: Import any XML File to WordPress Server-Side Request Forgery (1.0.0) | CVE-2020-24147 | CWE-918 | High |
| WordPress Plugin Import XML and RSS Feeds Server-Side Request Forgery (2.0.2) | CVE-2020-24148 | CWE-918 | High |
| WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Server-Side Request Forgery (3.4.3) | CVE-2024-4469 | CWE-918 | High |
| WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1) | CVE-2024-5021 | CWE-918 | High |
| WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Server-Side Request Forgery (4.4.7) | CVE-2023-6805 | CWE-918 | High |
| WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5) | CVE-2023-6294 | CWE-918 | High |
| WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0) | CVE-2023-6991 | CWE-918 | High |
| WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7) | CVE-2023-3025 | CWE-918 | High |
| WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15) | CVE-2022-45835 | CWE-918 | High |
| WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0) | CVE-2022-3708 | CWE-918 | High |
| WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31) | CVE-2021-24150 | CWE-918 | High |
| WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2) | CVE-2022-1977 | CWE-918 | High |
| WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95) | CVE-2022-36376 | CWE-918 | High |
| WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Server-Side Request Forgery (2.1.6) | CVE-2022-2352 | CWE-918 | High |
| WordPress Plugin Craw Data Server-Side Request Forgery (1.0.0) | CVE-2022-2912 | CWE-918 | High |
| WordPress Plugin Telefication Server-Side Request Forgery (1.8.0) | CVE-2021-39339 | CWE-918 | High |
| WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2) | CVE-2021-24371 | CWE-918 | High |
| WordPress Plugin Mapplic Lite Server-Side Request Forgery (1.0) | - | CWE-918 | High |
| WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1) | - | CWE-918 | High |
| WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0) | CVE-2020-28978 | CWE-918 | High |
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) | CVE-2024-21893 | CWE-918 | High |
| Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 | CVE-2019-2616 | CWE-611 | High |
| Openfire Admin Console Full Read SSRF | CVE-2019-18394 | CWE-918 | High |
| Grafana avatar SSRF | CVE-2020-13379 | CWE-78 | High |
| Oracle E-Business Suite SSRF (CVE-2017-10246) | CVE-2017-10246 | CWE-918 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2888) | CVE-2019-2888 | CWE-611 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2647) | CVE-2019-2647 | CWE-611 | High |
| SAP NetWeaver ipcpricing server side request forgery | - | CWE-918 | High |
| Jira Unauthorized SSRF via REST API | CVE-2019-8451 | CWE-918 | High |
| Zimbra Collaboration Suite SSRF (CVE-2020-7796) | CVE-2020-7796 | CWE-918 | High |
| Reverse proxy misrouting | - | CWE-918 | High |
| Paperclip gem SSRF (Server side request forgery) | CVE-2017-0889 | CWE-918 | High |
| Auxiliary systems SSRF | - | CWE-918 | High |
| Atlassian OAuth Plugin IconUriServlet SSRF | CVE-2017-9506 | CWE-918 | High |
| Ext JS arbitrary file read | - | CWE-22 | High |
| WebLogic Server Side Request Forgery | CVE-2014-4242 | CWE-918 | High |
| VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability | CVE-2021-21975 | CWE-918 | High |
| WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Server-Side Request Forgery (2.2.23) | CVE-2024-1855 | CWE-918 | High |
| VMware vCenter vcavbootstrap Arbitrary File Read | - | - | High |
| Cloud metadata publicly exposed | - | CWE-918 | High |
| SAML Consumer Service XSLT injection | - | CWE-91 | High |
| HTTP/2 pseudo-header server side request forgery | - | CWE-918 | High |
| SSRF in Server-Side Rendering | - | CWE-918 | High |
| SAP NW DI SSRF vulnerability (CVE-2021-33690) | CVE-2021-33690 | CWE-918 | High |
| Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability | CVE-2021-26855 | CWE-918 | High |
| SSRF via logo_uri in MITREid Connect | CVE-2021-26715 | CWE-918 | High |
| Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | High |
| Appwrite favicon SSRF (CVE-2023-27159) | CVE-2023-27159 | CWE-918 | High |
| SAML Consumer Service External Dereference SSRF | - | CWE-918 | Medium |
| imgproxy SSRF (CVE-2023-30019) | CVE-2023-30019 | CWE-918 | Medium |
| Next.js image Blind SSRF | - | CWE-918 | Medium |