Vulnerability Name CVE Severity
.NET JSON.NET Deserialization RCE
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) CVE-2024-34102
AjaxControlToolkit directory traversal CVE-2015-4670
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) CVE-2021-23758
Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425
Apache 2.x version older than 2.2.3 CVE-2006-3747
Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013) CVE-2021-42013 CVE-2021-41773
Apache Log4j2 JNDI Remote Code Execution CVE-2021-44228
Apache Log4j2 JNDI Remote Code Execution (404 page handler) CVE-2021-44228
Apache Log4j2 JNDI Remote Code Execution (delayed) CVE-2021-44228
Apache Log4j2 JNDI Remote Code Execution (per folder) CVE-2021-44228
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache mod_rewrite off-by-one buffer overflow vulnerability CVE-2006-3747
Apache OFBiz Log4Shell RCE CVE-2021-44228
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) CVE-2024-32113 CVE-2024-36104 CVE-2024-38856
Apache OFBiz RCE (CVE-2024-45195) CVE-2024-45195
Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) CVE-2020-9496 CVE-2023-49070
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192
Apache Solr Log4Shell RCE CVE-2021-44228
Apache Solr SSRF CVE-2017-3164 CVE-2017-3164
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0112 CVE-2014-0113 CVE-2014-0114
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) CVE-2014-0094 CVE-2014-0050
Apache Struts2 remote code execution vulnerability CVE-2016-0785
Apache Struts2 Remote Command Execution (S2-048) CVE-2017-9791
Apache Struts2 Remote Command Execution (S2-052) CVE-2017-9805
Apache Struts2 Remote Command Execution (S2-053) CVE-2017-12611
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164) CVE-2024-53677 CVE-2023-50164
Apache Struts Remote Code Execution (S2-057) CVE-2018-11776
Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850) CVE-2021-27850
Apache Tomcat Remote Code Execution Vulnerability CVE-2017-12615
Apache Unomi MVEL RCE (CVE-2020-13942) CVE-2020-13942
Arbitrary EL Evaluation in RichFaces CVE-2013-2165 CVE-2015-0279
Argument Injection
Atlassian Crowd Remote Code Execution CVE-2019-11580
Authentication bypass via MongoDB operator injection
Bash code injection vulnerability CVE-2014-6271
BigIP iRule Tcl code injection
Bonita Authorization Bypass (CVE-2022-25237) CVE-2022-25237
Cacti Unauthenticated Command Injection (CVE-2022-46169) CVE-2022-46169
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335
Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392
Cisco IOS XE Web UI Implant (CVE-2023-20198) CVE-2023-20198
Citrix ADC/Gateway Unauthenticated Remote Code Execution CVE-2019-19781
Cmd hijack vulnerability
Code Evaluation (Apache Struts) S2-016 CVE-2013-2251
Code Evaluation (Apache Struts) S2-045 CVE-2017-5638
Code Evaluation (Apache Struts) S2-046 CVE-2017-5638
Code Evaluation (ASP)
Code Evaluation (Perl)
Code Evaluation (PHP)
Code Evaluation (Python)
Code Evaluation (Ruby)
Code Execution via WebDav
CodeIgniter weak encryption key
ColdFusion 8 FCKEditor file upload vulnerability CVE-2009-2265
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) CVE-2023-26359 CVE-2023-26360
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
ColdFusion JNDI injection RCE CVE-2018-15957
Command Injection
Craft CMS RCE (CVE-2023-41892) CVE-2023-41892
Craft CMS register_argc_argv RCE (CVE-2024-56145) CVE-2024-56145
CrushFTP SSTI (CVE-2024-4040) CVE-2024-4040
CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378) CVE-2024-51567 CVE-2024-51568 CVE-2024-51378
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272) CVE-2024-3273 CVE-2024-3272
Database User Has Admin Privileges
Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-4971
DotCMS unrestricted file upload (CVE-2022-26352) CVE-2022-26352
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) CVE-2006-2743
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) CVE-2006-2831
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) CVE-2007-0626
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0) CVE-2006-2743
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) CVE-2007-5593
Drupal Core 5.x Arbitrary Code Execution (5.0) CVE-2007-0626
Drupal Core 6.x Remote Code Execution (6.0 - 6.38) CVE-2018-7600
Drupal Core 7.x Remote Code Execution (7.0 - 7.57) CVE-2018-7600
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) CVE-2018-7602
Drupal Core 7.x Remote Code Execution (7.0 - 7.73) CVE-2020-13671
Drupal Core 7.x Remote Code Execution (7.0 - 7.74) CVE-2020-28948 CVE-2020-28949
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5) CVE-2018-7600
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7) CVE-2018-7602
Drupal Core 8.5.0 Remote Code Execution (8.5.0) CVE-2018-7600
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2) CVE-2018-7602
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10) CVE-2019-6340
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) CVE-2019-6340
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7) CVE-2020-13664
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.10) CVE-2020-13671
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.11) CVE-2020-28948 CVE-2020-28949
Drupal Core 8.9.0 Remote Code Execution (8.9.0) CVE-2020-13664
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8) CVE-2020-13671
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9) CVE-2020-28948 CVE-2020-28949
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8) CVE-2018-7600
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) CVE-2019-6340
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.7.14) CVE-2020-13664
Drupal Core 9.0.0 Remote Code Execution (9.0.0) CVE-2020-13664
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7) CVE-2020-13671
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8) CVE-2020-28948 CVE-2020-28949
Drupal Core 9.3.x Remote Code Execution (9.3.0 - 9.3.18) CVE-2022-25277
Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2) CVE-2022-25277
Drupal Core Remote Code Execution (8.0.0 - 9.2.21) CVE-2022-25277
Drupal Remote Code Execution (SA-CORE-2018-002) CVE-2018-7600
Drupal Remote Code Execution (SA-CORE-2018-004) CVE-2018-7602
Drupal REST Remote Code Execution CVE-2019-6340
Ektron CMS multiple vulnerabilities
EktronCMS Saxon XSLT parser remote code execution CVE-2015-0931
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357 CVE-2012-5358
Elasticsearch remote code execution CVE-2014-3120
elFinder RCE (CVE-2021-32682) CVE-2021-32682
F5 BIG-IP Request Smuggling (CVE-2023-46747) CVE-2023-46747
F5 BIG-IP Traffic Management User Interface (TMUI) RCE CVE-2020-5902
F5 iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
FastCGI Unauthorized Access Vulnerability
Flask debug mode
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464
Fortinet Authentication bypass on administrative interface CVE-2022-40684
Fortinet FortiNAC RCE via arbitrary file upload CVE-2022-39952
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762) CVE-2024-21762
Gallery 3.0.4 remote code execution
GeoServer RCE (CVE-2024-36401) CVE-2024-36401
GhostScript RCE (Remote Code Execution) CVE-2016-3714
GitLab ExifTool RCE (CVE-2021-22205) CVE-2021-22205
GlobalProtect PAN-OS RCE (CVE-2024-3400) CVE-2024-3400
GoAhead web server remote code execution CVE-2017-17562
Grafana avatar SSRF CVE-2020-13379
Grav CMS Unauthenticated RCE (CVE-2021-21425) CVE-2021-21425
Hashicorp Consul API is accessible without authentication
HipChat for JIRA plugin - Velocity template injection CVE-2015-5603
Horde/IMP Plesk webmail exploit
Horde Imp Unauthenticated Remote Command Execution CVE-2018-19518
Horde remote code execution CVE-2014-1691
HTTP.sys remote code execution vulnerability CVE-2015-1635
IBM ODM JNDI injection (CVE-2024-22319) CVE-2024-22319
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450
ImageMagick remote code execution CVE-2016-3714
Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974) CVE-2025-1974
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692
Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190) CVE-2024-8963 CVE-2024-8190
Ivanti EPM SQLi RCE (CVE-2024-29824) CVE-2024-29824
Ivanti Sentry Authentication Bypass (CVE-2023-38035) CVE-2023-38035
Java Debug Wire Protocol remote code execution
Jboss Application Server HTTPServerILServlet.java remote code execution CVE-2017-7504
JBoss InvokerTransformer Remote Code Execution CVE-2015-7501
JBoss Seam framework remote code execution CVE-2010-1871
Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8) CVE-2019-14654
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7) CVE-2018-11321
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5) CVE-2015-8562
Joomla! JCE arbitrary file upload
Joomla! JomSocial remote code execution
Joomla! remote code execution vulnerability CVE-2015-8562
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846) CVE-2023-36845 CVE-2023-36846
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064) CVE-2021-36356 CVE-2019-17124 CVE-2021-35064
Liferay TunnelServlet Deserialization Remote Code Execution
Liferay version older than 7.0
Liferay version older than 7.1
Liferay XMLRPC Blind SSRF
Lotus Notes formula injection
Lucee CF_CLIENT_ RCE
Lucee Unset Admin Password
Magento remote code execution CVE-2015-1397 CVE-2015-1398 CVE-2015-1399
ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) CVE-2020-10189
MediaWiki remote code execution CVE-2014-1610
Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473) CVE-2021-34473
Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability CVE-2021-26855
Microsoft IIS 6.0 WebDAV Buffer Overflow CVE-2017-7269
Missing Authentication Check in SAP Solution Manager CVE-2020-6207
MobileIron Log4Shell RCE CVE-2021-44228
MobileIron Remote Code Execution via LogService CVE-2020-15505
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081
MongoDB $where operator JavaScript injection
MongoDB injection
MovableType remote code execution CVE-2015-1592
Moveable Type 4.x unauthenticated remote command execution CVE-2013-0209
Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
Mura/Masa CMS JSON API RCE
Nagios XI Magpie_debug.php Unauthenticated RCE CVE-2018-15708
Nette framework PHP code injection via callback CVE-2020-15227
Nginx PHP code execution via FastCGI
Nginx stack-based buffer overflow CVE-2013-2028
node-serialize Insecure Deserialization CVE-2017-5941
Node.js Debugger Unauthorized Access Vulnerability
Node.js Inspector Unauthorized Access Vulnerability
OpenX 2.8.10 backdoor CVE-2013-4211
OpenX arbitrary file upload CVE-2009-4140
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle E-Business Suite Unauthenticated Remote Code Execution CVE-2022-21587
Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability CVE-2011-0807
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
Oracle WebLogic Remote Code Execution (CVE-2020-14882) CVE-2020-14882 CVE-2020-14883
Oracle WebLogic Remote Code Execution via IIOP CVE-2020-2551
Oracle WebLogic Remote Code Execution via T3 CVE-2018-3245
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271
PaloAlto Networks Expedition RCE (CVE-2024-9463) CVE-2024-9463 CVE-2024-9465
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474) CVE-2024-0012 CVE-2024-9474
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108) CVE-2025-0108
PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311
PHP4 IMAP module buffer overflow vulnerability
PHP4 multiple vulnerabilities CVE-2003-0860 CVE-2003-0861
PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097
PHP 5.3.9 remote code execution CVE-2012-0830
PHP CGI Argument Injection (CVE-2024-4577) CVE-2024-4577
PHP code injection (pmwiki)
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP eval() used on user input
PHP HTTP POST incorrect MIME header parsing vulnerability CVE-2002-0717
phpMoAdmin remote code execution
phpMyAdmin v3.5.2.2 backdoor CVE-2012-5159
PHP object deserialization of user-supplied data
PHP preg_replace used on user input
phpThumb() fltr[] parameter command injection vulnerability CVE-2010-1598
PHPUnit Remote Code Execution CVE-2017-9841
PHP unserialize() used on user input
PHP version older than 4.3.8 CVE-2004-0594 CVE-2004-0595
PHP version older than 5.2.1 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454
PHP version older than 5.2.3 CVE-2007-1900 CVE-2007-2756 CVE-2007-2872
PHP version older than 5.2.5 CVE-2007-4840 CVE-2007-4887 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900
PHP version older than 5.2.6 CVE-2007-4850 CVE-2008-0599 CVE-2008-0674 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051
Plone arbitrary code execution CVE-2011-3587
PrimeFaces 5.x Expression Language injection CVE-2017-1000486
Progress Kemp LoadMaster RCE (CVE-2024-1212) CVE-2024-1212
Python Debugger Unauthorized Access Vulnerability
Python object deserialization of user-supplied data
Rails remote code execution using render :inline CVE-2016-2098
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887) CVE-2024-21887
RCE in SQL Server Reporting Services (SSRS) CVE-2020-0618
RCE with Spring Data Commons CVE-2018-1273
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface CVE-2020-2036
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692) CVE-2024-23692
Remote Code Execution (RCE) in Spring Security OAuth CVE-2016-4977
Remote Code Execution (Spring4Shell) CVE-2022-22965
Remote code execution in bootstrap-sass 3.2.0.3 CVE-2019-10842
Remote code execution of user-provided local names in Rails CVE-2020-8163
Remote code execution vulnerability in WordPress Duplicator
Remote File Inclusion
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) CVE-2024-6387
Ruby on Rails directory traversal vulnerability CVE-2014-0130
Ruby on Rails DoubleTap RCE (CVE-2019-5420) CVE-2019-5420
Ruby on Rails weak/known secret token CVE-2013-0156
SAP Hybris Deserialization RCE CVE-2019-0344
SAP NetWeaver ConfigServlet remote command execution
Security update: Hotfix available for ColdFusion CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632
Server-side JavaScript injection
Server-Side Template Injection
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218) CVE-2025-27218
Sitecore XP Deserialization RCE (CVE-2021-42237) CVE-2021-42237
Sitecore XP TemplateParser RCE (CVE-2023-35813) CVE-2023-35813
SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit
Spring Boot Whitelabel Error Page SpEL
Spring Data REST RCE via PATCH requests CVE-2017-8046
Struts 2 development mode
Struts2/XWork remote command execution (S2-014) CVE-2013-1966 CVE-2013-2115
Symfony ESI (Edge-Side Includes) enabled
Symfony RCE via weak/predictable APP_SECRET
Symfony weak application secret
SysAid On-Premise RCE (CVE-2023-47246) CVE-2023-47246
Telerik Web UI Insecure Direct Object Reference CVE-2017-11357
Telerik Web UI RadAsyncUpload Deserialization CVE-2019-18935
Telerik Web UI Unrestricted File Upload (CVE-2014-2217) CVE-2014-2217
Telerik Web UI Unrestricted File Upload (CVE-2017-11317) CVE-2017-11317
Text4shell: Apache Commons Text RCE via insecure interpolation CVE-2022-42889
ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability
Tiki Wiki CMS: Arbitrary Code Execution
Tiki Wiki CMS: Remote Code Execution via Calendar Module
timthumb.php remote code execution CVE-2011-4106
TimThumb WebShot remote code execution
TinyMCE ajax_create_folder remote code execution vulnerability
Ubiquiti Unifi Log4Shell RCE CVE-2021-44228
Umbraco CMS remote code execution
Umbraco CMS TemplateService remote code execution CVE-2013-4793
Unauthenticated OGNL injection in Confluence Server and Data Center CVE-2021-26084
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527) CVE-2023-22527
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618 CVE-2020-7961
Unauthenticated remote code execution vulnerability in Confluence Server and Data Center CVE-2022-26134
uWSGI Unauthorized Access Vulnerability
vBSEO 3.6.0 PHP code injection CVE-2012-5223
vBulletin 5 CONNECT remote code execution
vBulletin 5.x 0day pre-auth RCE
vBulletin PHP object injection vulnerability
vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
VMware Aria Operations for Networks RCE (CVE-2023-20887) CVE-2023-20887
VMware Horizon Log4Shell RCE CVE-2021-44228
VMware vCenter Log4Shell RCE CVE-2021-44228
VMware vCenter Server Unauthorized Remote Code Execution CVE-2021-21972
VMware Workspace ONE Access SSTI (CVE-2022-22954) CVE-2022-22954
Webmin v1.920 Unauhenticated Remote Command Execution CVE-2019-15107
WooFramework shortcode exploit
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2) CVE-2008-5695
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2) CVE-2006-2667 CVE-2006-2702
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1) CVE-2007-1277
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2) CVE-2008-4796
WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)
WordPress 6.0.x Shortcode Execution (6.0 - 6.0.4)
WordPress 6.1.x Shortcode Execution (6.1 - 6.1.2)
WordPress 6.2.x Shortcode Execution (6.2 - 6.2.1)
WordPress 6.4.x Remote Code Execution (6.4 - 6.4.1)
WordPress caching plugins PHP code execution CVE-2013-2010
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3) CVE-2005-2612
WordPress OptimizePress unrestricted file upload CVE-2013-7102
WordPress Plugin AccessAlly PHP Code Execution (3.3.1)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21) CVE-2019-15324
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2) CVE-2014-6059
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2) CVE-2014-8794
WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Remote Code Execution (4.1.0.1) CVE-2021-24307
WordPress Plugin Analytics Remote Code Execution (1.7)
WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9) CVE-2018-18461
WordPress Plugin Backup Migration Remote Code Execution (1.3.7) CVE-2023-6553
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1) CVE-2011-4342 CVE-2011-5208
WordPress Plugin Best Seo Remote Code Execution (1.5)
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
WordPress Plugin Bricks Remote Code Execution (1.9.6) CVE-2024-25600
WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Remote Code Execution (5.5.15) CVE-2023-25699
WordPress Plugin Catch Themes Demo Import Remote Code Execution (2.1) CVE-2022-0440
WordPress Plugin CiviCRM Remote Code Execution (5.24.2) CVE-2020-36388
WordPress Plugin CM Download Manager Code Injection (2.0.3) CVE-2014-8877
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3) CVE-2016-10033 CVE-2016-10045
WordPress Plugin Cool Video Gallery Command Injection (1.9) CVE-2015-7527
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5) CVE-2015-3173
WordPress Plugin Divi Builder PHP Code Injection (4.0.9)
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)
WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6) CVE-2020-26596
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2) CVE-2019-15318
WordPress Plugin eShop Code Injection (6.3.11) CVE-2015-3421
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10) CVE-2014-3114
WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44) CVE-2016-10033 CVE-2016-10045
WordPress Plugin Feedify Remote Code Execution (2.0.0)
WordPress Plugin File Gallery Remote Code Execution (1.7.9) CVE-2014-2558
WordPress Plugin File Manager Remote Code Execution (4.5)
WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0) CVE-2020-29045
WordPress Plugin Flamingo Code Injection (1.1)
WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Remote Code Execution (2.05.01)
WordPress Plugin Form Manager Remote Command Execution (1.7.2) CVE-2015-7806
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
WordPress Plugin Google Map Remote Code Execution (1.0)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4) CVE-2019-15647
WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5) CVE-2021-24546
WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4) CVE-2023-4521
WordPress Plugin Include Me Remote Code Execution (1.2.1) CVE-2021-24453
WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997) CVE-2019-15649
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)
WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0) CVE-2017-9841
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)
WordPress Plugin Loco Translate PHP Code Injection (2.5.3) CVE-2021-24721
WordPress Plugin MailPress Remote Code Execution (7.0.2)
WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9) CVE-2016-10033 CVE-2016-10045
WordPress Plugin Master Popups Remote Code Execution (1.0.0)
WordPress Plugin MobiLoud-WordPress Mobile Apps-Convert your WordPress Website to Native Mobile Apps Remote Code Execution (4.0.1)
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2) CVE-2016-10033 CVE-2016-10045
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Code Injection (3.6.10)
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4) CVE-2009-4140
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3) CVE-2022-24663 CVE-2022-24664 CVE-2022-24665
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228) CVE-2018-15877
WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1) CVE-2017-9841
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1) CVE-2024-6365
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5) CVE-2019-15873
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)
WordPress Plugin Secure File Manager Remote Code Execution (2.8.1) CVE-2020-35235
WordPress Plugin Share Possible Remote Code Execution (1.0)
WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5) CVE-2021-24537
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0) CVE-2019-14467
WordPress Plugin Statistics Remote Code Execution (1.8)
WordPress Plugin Subscribe Form Remote Command Execution (1.1)
WordPress Plugin ThemeREX Addons Remote Code Execution (All) CVE-2020-10257
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Remote Code Execution (2.0.32)
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)
WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89) CVE-2023-6743
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
WordPress Plugin VaultPress Remote Code Execution (1.9.0)
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1) CVE-2012-1785
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8) CVE-2013-2010
WordPress Plugin WishList Member X Remote Code Execution (3.25.1) CVE-2024-37109
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)
WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)
WordPress Plugin WooCommerce Remote Code Execution (4.0.1)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0) CVE-2015-5227
WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)
WordPress Plugin WordPress PDF Light Viewer Command Injection (1.4.11) CVE-2021-24684
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)
WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01) CVE-2016-10033 CVE-2016-10045
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9) CVE-2009-2852
WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)
WordPress Plugin wp heyloyalty Remote Code Execution (1.1.4) CVE-2017-9841
WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2) CVE-2020-29047
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6) CVE-2018-20156
WordPress Plugin WP Super Cache PHP Code Injection (1.2) CVE-2013-2009 CVE-2013-2011
WordPress Plugin WP Super Cache Remote Code Execution (1.7.1) CVE-2021-24209
WordPress Plugin wSecure Lite Remote Code Execution (2.3) CVE-2016-10960
WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0) CVE-2018-19370
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
WordPress Super Socialat backdoor plugin
Xdebug remote code execution via xdebug.remote_connect_back
Array