Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Web.config File Detected
Web.config File Detected
CAPEC-87
, 
CWE-285
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
WebDAV Directory Has Write Permissions (IIS)
WebDAV Directory Has Write Permissions (IIS)
PCI v3.2-6.5.8
, 
CWE-732
, 
ISO27001-A.9.4.1
, 
WASC-17
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C
, 
High
WebDAV Enabled
WebDAV Enabled
CWE-16
, 
ISO27001-A.9.4.4
, 
WASC-15
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C
, 
Information
webERP Detected
webERP Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
WeBid Detected
WeBid Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
WebLogic Identified
WebLogic Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Werkzeug Python WSGI Library Identified
Werkzeug Python WSGI Library Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Whoops Error Handler Framework Detected
Whoops Error Handler Framework Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive
Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive
Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive
Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
WildFly Application Server Identified
WildFly Application Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Windows Azure Web Server Identified
Windows Azure Web Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Windows CE OS Identified
Windows CE OS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Windows Server Identified
Windows Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Windows Short Filename
Windows Short Filename
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-538
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.8.2.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A6
, 
Low
Windows Username Disclosure
Windows Username Disclosure
PCI v3.2-6.5.5
, 
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Wing FTP Anonymous access
Wing FTP Anonymous access
CWE-CWE-200
, 
Low
Wing FTP Server RCE (CVE-2025-47812)
Wing FTP Server RCE (CVE-2025-47812)
CWE-CWE-158
, 
Critical
WordPress Configuration File Detected
WordPress Configuration File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Information
WordPress Detected
WordPress Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Advanced Custom Fields Extended Identified
WordPress Plugin Advanced Custom Fields Extended Identified
No items found.
Information
WordPress Plugin Advanced Custom Fields Extended Out Of Date
WordPress Plugin Advanced Custom Fields Extended Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Advanced Custom Fields Extended Version Disclosure
WordPress Plugin Advanced Custom Fields Extended Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Akismet Spam Protection Out Of Date
WordPress Plugin Akismet Spam Protection Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Akismet Spam Protection Version Disclosure
WordPress Plugin Akismet Spam Protection Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Akismet Spam Protector Identified
WordPress Plugin Akismet Spam Protector Identified
No items found.
Information
WordPress Plugin All In One WP Migration Identified
WordPress Plugin All In One WP Migration Identified
No items found.
Information
WordPress Plugin All-in-One WP Migration Out Of Date
WordPress Plugin All-in-One WP Migration Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin All-in-One WP Migration Version Disclosure
WordPress Plugin All-in-One WP Migration Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Backup Migration Identified
WordPress Plugin Backup Migration Identified
No items found.
Information
WordPress Plugin Backup Migration Out Of Date
WordPress Plugin Backup Migration Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Backup Migration Version Disclosure
WordPress Plugin Backup Migration Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Classic Editor Identified
WordPress Plugin Classic Editor Identified
No items found.
Information
WordPress Plugin Classic Editor Out Of Date
WordPress Plugin Classic Editor Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Classic Editor Version Disclosure
WordPress Plugin Classic Editor Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Contact Form 7 Identified
WordPress Plugin Contact Form 7 Identified
No items found.
Information
WordPress Plugin Contact Form 7 Out Of Date
WordPress Plugin Contact Form 7 Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Contact Form 7 Version Disclosure
WordPress Plugin Contact Form 7 Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Contact Form by WPForms Identified
WordPress Plugin Contact Form by WPForms Identified
No items found.
Information
WordPress Plugin Contact Form by WPForms Out Of Date
WordPress Plugin Contact Form by WPForms Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Contact Form by WPForms Version Disclosure
WordPress Plugin Contact Form by WPForms Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Detected
WordPress Plugin Detected
No items found.
Information
WordPress Plugin Elementor Website Builder Identified
WordPress Plugin Elementor Website Builder Identified
No items found.
Information
WordPress Plugin Elementor Website Builder Out Of Date
WordPress Plugin Elementor Website Builder Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Elementor Website Builder Version Disclosure
WordPress Plugin Elementor Website Builder Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Jetpack Identified
WordPress Plugin Jetpack Identified
No items found.
Information
WordPress Plugin Jetpack Out Of Date
WordPress Plugin Jetpack Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Jetpack Version Disclosure
WordPress Plugin Jetpack Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Jupiter X Core Identified
WordPress Plugin Jupiter X Core Identified
No items found.
Information
WordPress Plugin Jupiter X Core Out Of Date
WordPress Plugin Jupiter X Core Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Jupiter X Core Version Disclosure
WordPress Plugin Jupiter X Core Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin LiteSpeed Cache Identified
WordPress Plugin LiteSpeed Cache Identified
No items found.
Information
WordPress Plugin LiteSpeed Cache Out Of Date
WordPress Plugin LiteSpeed Cache Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin LiteSpeed Cache Version Disclosure
WordPress Plugin LiteSpeed Cache Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Login with Phone Number Identified
WordPress Plugin Login with Phone Number Identified
No items found.
Information
WordPress Plugin Login with Phone Number Out Of Date
WordPress Plugin Login with Phone Number Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Login with Phone Number Version Disclosure
WordPress Plugin Login with Phone Number Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Really Simple SSL Identified
WordPress Plugin Really Simple SSL Identified
No items found.
Information
WordPress Plugin Really Simple SSL Out Of Date
WordPress Plugin Really Simple SSL Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Really Simple SSL Version Disclosure
WordPress Plugin Really Simple SSL Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Smash Balloon Social Photo Feed Identified
WordPress Plugin Smash Balloon Social Photo Feed Identified
No items found.
Information
WordPress Plugin Smash Balloon Social Photo Feed Out Of Date
WordPress Plugin Smash Balloon Social Photo Feed Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Smash Balloon Social Photo Feed Version Disclosure
WordPress Plugin Smash Balloon Social Photo Feed Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Ultimate Member Identified
WordPress Plugin Ultimate Member Identified
No items found.
Information
WordPress Plugin Ultimate Member Out Of Date
WordPress Plugin Ultimate Member Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Ultimate Member Version Disclosure
WordPress Plugin Ultimate Member Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin UpdraftPlus Identified
WordPress Plugin UpdraftPlus Identified
No items found.
Information
WordPress Plugin Updraft Plus Out Of Date
WordPress Plugin Updraft Plus Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin Updraft Plus Version Disclosure
WordPress Plugin Updraft Plus Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin WooCommerce Identified
WordPress Plugin WooCommerce Identified
No items found.
Information
WordPress Plugin WooCommerce Out Of Date
WordPress Plugin WooCommerce Out Of Date
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
WordPress Plugin WooCommerce Version Disclosure
WordPress Plugin WooCommerce Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
WordPress Plugin Wordfence Security Identified
WordPress Plugin Wordfence Security Identified
No items found.
Information