Invicti

CVE-2024-6297 WordPress Plugin Backdoor

CAPEC-443

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

,

CWE-507

,

HIPAA-164.308(a)

,

ISO27001-A.12.2.1

,

OWASP 2017-A10

,

PCI v3.2-6.5.6

,

Critical

Database User Has Admin Privileges

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

,

CWE-267

,

ISO27001-A.9.2.2

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.6

,

WASC-14

,

High

Elmah.axd / Errorlog.axd Detected

CAPEC-347

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

,

CWE-16

,

HIPAA-164.306(a)

,

HIPAA-164.308(a)

,

ISO27001-A.18.1.3

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.6

,

WASC-15

,

High

Passive Web Backdoor Detected

CWE-507

,

HIPAA-164.308(a)

,

ISO27001-A.12.2.1

,

OWASP 2017-A10

,

PCI v3.2-6.5.6

,

Low

Sensitive Data Exposure

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Amazon AWS Access Key Id

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Amazon AWS Secret Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Amazon MWS Auth Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Amazon SES SMTP Password

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Consul Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Database Connection String - MongoDB - MySQL

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Database Connection String - PostgreSQL

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Devise Secret Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Facebook Access Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Facebook App ID

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Facebook App Secret

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Gitlab Personal Access Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Google Cloud API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Google OAuth Access Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Heroku API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - JDBC Database Connection String

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Jenkins Secret

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - LinkedIn API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - MailChimp API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - MailGun API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Mapbox Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Nexmo Secret

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - NPM Access Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - NuGet API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Okta Secret Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Omise Secret Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Paypal Access Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Picatic API key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - SendGrid API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Sentry Auth Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Slack Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Slack v1.x Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Slack Webhook

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - SonarQube User Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Square OAuth Secret

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Square Personal Access Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - SSH Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Stripe API key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Symfony Application Secret

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Teams Webhook

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Telegram Bot API Token

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Twilio API Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Twitter Access Token Secret

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - Twitter API Secret Key

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Sensitive Data Exposure - WordPress Authentication Key/Salt

CAPEC-37

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

,

CWE-200

,

ISO27001-A.8.2.1

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.6

,

WASC-WASC-13

,

Medium

Server-Side Request Forgery (elmah)

CAPEC-347

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

,

CWE-918

,

HIPAA-164.306(a)

,

HIPAA-164.308(a)

,

ISO27001-A.14.2.5

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.6

,

WASC-15

,

High

Server-Side Request Forgery (elmah MVC)

CAPEC-347

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

,

CWE-918

,

HIPAA-164.306(a)

,

HIPAA-164.308(a)

,

ISO27001-A.14.2.5

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.6

,

WASC-15

,

High

Server-Side Request Forgery (trace.axd)

CAPEC-347

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

,

CWE-918

,

HIPAA-164.306(a)

,

HIPAA-164.308(a)

,

ISO27001-A.14.2.5

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.6

,

WASC-15

,

Critical

Trace.axd Detected

CAPEC-347

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

,

CWE-16

,

HIPAA-164.306(a)

,

HIPAA-164.308(a)

,

ISO27001-A.18.1.3

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.6

,

WASC-15

,

High

Web Backdoor Detected

CAPEC-443

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

,

CWE-507

,

HIPAA-164.308(a)

,

ISO27001-A.12.2.1

,

OWASP 2017-A10

,

PCI v3.2-6.5.6

,

Critical

Web Application Vulnerabilities Index

Select Category

Select Vulnerability

Select Vulnerability