Vulnerability Name CVE CWE CWE Severity
.htaccess file readable CWE-443 CWE-443 Medium
Access database found CWE-538 CWE-538 Medium
Adminer 4.6.2 file disclosure vulnerability CWE-22 CWE-22 High
Adobe ColdFusion directory traversal CVE-2013-3336 CWE-22 CWE-22 High
Amazon S3 public bucket CWE-264 CWE-264 Medium
Amazon S3 publicly writable bucket CWE-264 CWE-264 High
Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789 CWE-119 CWE-119 Medium
Apache Axis2 administration console weak password CWE-200 CWE-200 High
Apache Axis2 information disclosure CWE-200 CWE-200 Medium
Apache Axis2 web services enumeration CWE-200 CWE-200 Low
Apache balancer-manager application publicly accessible CWE-200 CWE-200 Medium
Apache httpOnly cookie disclosure CVE-2012-0053 CWE-264 CWE-264 Medium
Apache mod_negotiation filename bruteforcing CWE-538 CWE-538 Low
Apache perl-status enabled CWE-200 CWE-200 Medium
Apache server-info enabled CWE-200 CWE-200 Medium
Apache server-status enabled CWE-200 CWE-200 Medium
Apache Solr endpoint CWE-200 CWE-200 Low
Apache solr service exposed CWE-200 CWE-200 High
Apache stronghold-info enabled CWE-200 CWE-200 Low
Apache stronghold-status enabled CWE-200 CWE-200 Low
Apache Tomcat examples directory vulnerabilities CWE-264 CWE-264 Medium
Apache Tomcat Information Disclosure CVE-2017-7674 CVE-2017-12616 CWE-200 CWE-200 High
Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461 CWE-79 CWE-79 Medium
Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355 CWE-79 CWE-79 Medium
Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022 CWE-264 CWE-264 High
Apache Tomcat version older than 7.0.21 CVE-2011-3190 CWE-264 CWE-264 High
apc.php page found CWE-538 CWE-538 Medium
Application error messages CWE-209 CWE-209 Medium
Arbitrary file existence disclosure in Action Pack CVE-2014-7829 CWE-200 CWE-200 Medium
ASP.NET application trace enabled CWE-215 CWE-215 Medium
ASP.NET custom errors disabled CWE-12 CWE-12 Medium
ASP.NET debugging enabled CWE-11 CWE-11 Low
ASP.NET diagnostic page CWE-200 CWE-200 Medium
ASP.NET error message CWE-12 CWE-12 Medium
ASP.NET MVC version disclosure CWE-200 CWE-200 Low
ASP.NET path disclosure CWE-200 CWE-200 Low
ASP.NET version disclosure CWE-200 CWE-200 Low
Atlassian Confluence Access Restriction Bypass CVE-2017-9505 Medium
Atlassian Confluence information disclosure CVE-2017-7415 High
Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283 Medium
Atlassian Jira Manage Filters information disclosure CWE-200 CWE-200 Low
AWStats script CWE-538 CWE-538 Medium
Backup files CWE-538 CWE-538 Medium
Bazaar repository found CWE-538 CWE-538 High
Chrome Logger information disclosure CWE-200 CWE-200 Medium
ColdFusion path disclosures CWE-200 CWE-200 Low
ColdFusion Request Debugging information disclosure CWE-200 CWE-200 Medium
ColdFusion Robust Exception enabled CWE-200 CWE-200 Medium
Configuration file disclosure CWE-538 CWE-538 High
Configuration file source code disclosure CWE-538 CWE-538 High
Core dump checker PHP script CWE-200 CWE-200 Medium
Core dump file CWE-200 CWE-200 High
Credit card number disclosed CWE-200 CWE-200 Medium
CVS web repository CWE-527 CWE-527 High
Database connection string disclosure CWE-200 CWE-200 Medium
Development configuration files CWE-538 CWE-538 Medium
Devise weak password CWE-200 CWE-200 High
Directory listings CWE-538 CWE-538 Medium
Django debug mode enabled CWE-200 CWE-200 Medium
Documentation files CWE-538 CWE-538 Low
Dotenv .env file CWE-538 CWE-538 High
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554 CWE-264 CWE-264 High
Drupal Backup Migrate directory publicly accessible CWE-538 CWE-538 High
Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374 CWE-200 CWE-200 High
Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983 CWE-200 CWE-200 High
Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922 CWE-200 CWE-200 High
Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983 CWE-200 CWE-200 High
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) CVE-2020-13670 CWE-200 CWE-200 High
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) CVE-2020-13670 CWE-200 CWE-200 High
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) CVE-2020-13670 CWE-200 CWE-200 High
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) CVE-2020-13670 CWE-200 CWE-200 High
Drupal Views module information disclosure vulnerability CWE-200 CWE-200 Medium
Elasticsearch service accessible CWE-200 CWE-200 High
elmah.axd information disclosure CWE-209 CWE-209 Medium
Email addresses CWE-200 CWE-200 Informational
Error messages CWE-209 CWE-209 Medium
Error page path disclosure CWE-200 CWE-200 Low
Error page web server version disclosure CWE-200 CWE-200 Informational
File Content Disclosure in Action View CVE-2019-5418 CWE-200 CWE-200 High
Folder backup CWE-538 CWE-538 Medium
Frontpage authors.pwd available CWE-538 CWE-538 Medium
Frontpage extensions enabled CWE-16 CWE-16 Medium
Full public read access Azure blob storage CWE-264 CWE-264 Medium
Git repository found CWE-527 CWE-527 High
GlassFish admin console weak credentials CWE-693 CWE-693 High
Global.asa backup file found CWE-538 CWE-538 Medium
Golang runtime profiling data CWE-200 CWE-200 Medium
HTML Form found in redirect page CWE-287 CWE-287 Low
IBM Web Content Manager XPath injection CVE-2013-6735 CWE-264 CWE-264 High
IBM WebSphere/WebLogic application source file exposure CWE-200 CWE-200 High
IBM WebSphere administration console weak password CWE-200 CWE-200 High
Insecure transition from HTTPS to HTTP in form post CWE-200 CWE-200 Low
Insecure transition from HTTP to HTTPS in form post CWE-200 CWE-200 Medium
Internal IP address disclosure CWE-200 CWE-200 Informational
Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200 CWE-200 Low
JBoss BSHDeployer MBean CWE-200 CWE-200 High
JBoss HttpAdaptor JMXInvokerServlet CWE-94 CWE-94 High
JBoss JMX Console Unrestricted Access CWE-200 CWE-200 High
JBoss JMX management console CWE-200 CWE-200 High
JBoss Seam remoting vulnerabilities CVE-2013-6447 CVE-2013-6448 CWE-611 CWE-611 High
JBoss ServerInfo MBean CVE-2010-0738 CWE-200 CWE-200 High
JBoss Server MBean CWE-200 CWE-200 High
JBoss status servlet information leak CVE-2010-1429 CWE-200 CWE-200 Medium
JBoss Web Console JMX Invoker CWE-200 CWE-200 High
JBoss web service console CWE-200 CWE-200 Low
Jenkins dashboard CWE-200 CWE-200 Medium
Jenkins user enumeration CWE-200 CWE-200 Low
Jenkins weak password CWE-200 CWE-200 High
JetBrains .idea project directory CWE-538 CWE-538 Medium
JetLeak vulnerability CVE-2015-2080 CWE-200 CWE-200 High
Joe Editor DEADJOE file CWE-538 CWE-538 Low
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911 CWE-200 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) CWE-200 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) CWE-200 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432 CWE-200 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629 CWE-200 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599 CWE-264 CWE-264 High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) CWE-200 CWE-200 High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821 CWE-200 CWE-200 High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0819 CWE-200 CWE-200 High
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0) CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-3629 CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937 CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0821 CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819 CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0837 CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836 CWE-200 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0835 CWE-200 CWE-200 High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0837 CWE-200 CWE-200 High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0835 CWE-200 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611 CWE-200 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748 CWE-200 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453 CWE-200 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057 CWE-200 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1453 CWE-200 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455 CWE-200 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1454 CWE-200 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057 CWE-200 CWE-200 High
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) CVE-2017-14595 CWE-200 CWE-200 High
Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22) CVE-2020-35614 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) CVE-2018-11325 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) CVE-2020-15698 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) CVE-2018-11327 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) CVE-2017-8057 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) CVE-2019-18674 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) CVE-2017-16633 CWE-200 CWE-200 High
Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) CVE-2019-19845 CWE-200 CWE-200 High
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) CVE-2017-14596 CWE-200 CWE-200 High
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) CVE-2017-14596 CWE-200 CWE-200 High
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) CVE-2020-35610 CWE-200 CWE-200 High
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) CVE-2020-35611 CWE-200 CWE-200 High
JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040 CWE-538 CWE-538 Medium
JVM version leakage CWE-200 CWE-200 Informational
Laravel log file publicly accessible CWE-538 CWE-538 Medium
Macromedia Dreamweaver remote database scripts CVE-2004-1893 CWE-200 CWE-200 High
Magento Cacheleak CWE-200 CWE-200 High
MantisBT multiple security issues CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042 CWE-200 CWE-200 High
Mercurial repository found CWE-538 CWE-538 High
Microsoft Frontpage configuration information CWE-200 CWE-200 Informational
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815 CWE-264 CWE-264 High
Microsoft IIS Server service.cnf file found CWE-538 CWE-538 Low
Microsoft IIS tilde directory enumeration CWE-20 CWE-20 High
Microsoft IIS version disclosure CWE-200 CWE-200 Informational
Microsoft Office possible sensitive information CWE-200 CWE-200 Low
Minify arbitrary file disclosure CVE-2013-6619 CWE-538 CWE-538 High
MongoDB HTTP status interface CWE-200 CWE-200 Medium
Multiple vulnerabilities in Ioncube loader-wizard.php CWE-552 CWE-552 High
MySQL connection credentials CWE-538 CWE-538 High
MySQL username disclosure CWE-538 CWE-538 Low
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180 CWE-399 CWE-399 High
nginx range filter integer overflow CVE-2017-7529 CWE-200 CWE-200 Medium
npm log file publicly accessible (npm-debug.log) CWE-200 CWE-200 Medium
OData feed accessible anonymously CWE-200 CWE-200 Low
Oracle applications logs publicly available CWE-200 CWE-200 Medium
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827 CWE-22 CWE-22 High
Oracle Reports Services RWServlet environment variables disclosure CWE-200 CWE-200 Low
Padding oracle attack CWE-209 CWE-209 High
Password field submitted using GET method CWE-200 CWE-200 Medium
PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311 CWE-20 CWE-20 High
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) CWE-200 CWE-200 Medium
PHP-FPM Status Page CWE-200 CWE-200 Medium
PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 CWE-352 Medium
PHP errors enabled CWE-209 CWE-209 Medium
PHPinfo page CWE-200 CWE-200 Medium
PHPinfo pages CWE-200 CWE-200 Medium
PHP opcache-status page publicly accessible CWE-200 CWE-200 Medium
Possible database backup CWE-538 CWE-538 High
Possible sensitive directories CWE-200 CWE-200 Low
Possible sensitive files CWE-200 CWE-200 Low
Possible server path disclosure (Unix) CWE-200 CWE-200 Informational
Possible server path disclosure (Windows) CWE-200 CWE-200 Informational
Possible social security number disclosed CWE-200 CWE-200 Medium
Possible SQL Statement in comment CWE-200 CWE-200 Low
Possible username or password disclosure CWE-200 CWE-200 Informational
Possible virtual host found CWE-200 CWE-200 Low
rack-mini-profiler environment variables disclosure CWE-287 CWE-287 Medium
Rails controller possible sensitive information disclosure CWE-200 CWE-200 Medium
Reachable SharePoint interface CWE-200 CWE-200 High
RSA private key CWE-200 CWE-200 High
Ruby on Rails database configuration file CWE-538 CWE-538 High
SAP ICF /sap/public/info sensitive information disclosure CWE-200 CWE-200 Medium
SAP Management Console get user list CWE-200 CWE-200 High
SAP Management Console list logfiles CWE-200 CWE-200 High
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability CWE-200 CWE-200 Medium
SAP NetWeaver server info information disclosure CWE-200 CWE-200 Medium
SAP NetWeaver server info information disclosure BCB CWE-200 CWE-200 Medium
SAP weak/predictable user credentials CWE-200 CWE-200 High
Secrets leakage CWE-200 CWE-200 Medium
Sensitive pages could be cached CWE-200 CWE-200 Low
Server-based source code disclosures CWE-538 CWE-538 Medium
Session token in URL CWE-200 CWE-200 Low
SFTP/FTP credentials exposure CWE-200 CWE-200 High
SharePoint exposed web services CWE-200 CWE-200 Medium
SharePoint user enumeration CWE-200 CWE-200 High
Snoop Servlet information disclosure CWE-200 CWE-200 Low
Source code disclosures CWE-538 CWE-538 Medium
SQLite database found CWE-538 CWE-538 Medium
Stack Trace Disclosure (Apache MyFaces) CWE-209 CWE-209 Low
Stack Trace Disclosure (ASP.NET) CWE-209 CWE-209 Low
Stack Trace Disclosure (CakePHP) CWE-209 CWE-209 Low
Stack Trace Disclosure (CherryPy) CWE-209 CWE-209 Low
Stack Trace Disclosure (ColdFusion) CWE-209 CWE-209 Low
Stack Trace Disclosure (Grails) CWE-209 CWE-209 Low
Stack Trace Disclosure (GWT) CWE-209 CWE-209 Low
Stack Trace Disclosure (Java) CWE-209 CWE-209 Low
Stack Trace Disclosure (Laravel) CWE-209 CWE-209 Low
Stack Trace Disclosure (Python) CWE-209 CWE-209 Low
Stack Trace Disclosure (Rails) CWE-209 CWE-209 Low
Stack Trace Disclosure (Ruby) CWE-209 CWE-209 Low
Stack Trace Disclosure (Tomcat) CWE-209 CWE-209 Low
SVN repository found CWE-538 CWE-538 High
Symfony databases.yml configuration file CWE-538 CWE-538 High
Symfony web debug toolbar CWE-489 CWE-489 Medium
The Heartbleed Bug CVE-2014-0160 CWE-200 CWE-200 High
Tiki Wiki CMS: Arbitrary Code Execution High
Tiki Wiki CMS: Arbitrary File Download High
Tiki Wiki CMS: Remote Code Execution via Calendar Module High
Tomcat status page CWE-200 CWE-200 Low
Unencrypted __VIEWSTATE parameter CWE-200 CWE-200 Medium
Unprotected JSON file leaking secrets CWE-200 CWE-200 Medium
Unprotected phpMyAdmin interface CWE-205 CWE-205 High
Unrestricted access to NGINX+ API interface (read only) CWE-200 CWE-200 Medium
Unrestricted access to NGINX+ API interface (read write) CWE-200 CWE-200 High
Unrestricted access to NGINX+ Dashboard CWE-200 CWE-200 Medium
Unrestricted access to NGINX+ Status module CWE-200 CWE-200 Low
Unrestricted access to NGINX+ Upstream HTTP interface CWE-200 CWE-200 Medium
vBulletin customer number disclosure CVE-2013-6129 CWE-264 CWE-264 High
Virtual host directory listing CWE-538 CWE-538 Medium
W3 total cache debug mode CWE-489 CWE-489 Medium
Weak password CWE-200 CWE-200 High
web.xml configuration file disclosure CWE-538 CWE-538 High
webadmin.php script CWE-552 CWE-552 High
Webalizer script CWE-538 CWE-538 Medium
Web application default/weak credentials CWE-200 CWE-200 High
WebDAV directory listing CWE-538 CWE-538 Medium
WebLogic admin console weak credentials CWE-693 CWE-693 High
Webmail weak password CWE-200 CWE-200 High
Web server default welcome page CWE-200 CWE-200 Informational
WordPress database credentials disclosure CWE-538 CWE-538 Medium
WordPress debug mode CWE-200 CWE-200 High
WordPress full path disclosure CWE-200 CWE-200 Low
WordPress pingback scanner CVE-2013-0235 CWE-918 CWE-918 Medium
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540 CWE-200 CWE-400 CWE-200 CWE-400 High
WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8) CWE-200 CWE-200 High
WordPress Plugin AccessAlly Information Disclosure (3.5.6) CVE-2021-24226 CWE-200 CWE-200 High
WordPress Plugin ACF to REST API Information Disclosure (3.2.0) CVE-2020-13700 CWE-200 CWE-200 High
WordPress Plugin Activity Log Information Disclosure (2.2.12) CWE-200 CWE-200 High
WordPress Plugin Acumbamail Information Disclosure (1.0.4) CWE-200 CWE-200 High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0) CWE-200 CWE-200 High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2) CWE-200 CWE-200 High
WordPress Plugin Advanced Woo Search Information Disclosure (1.99) CVE-2020-12070 CWE-200 CWE-200 High
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4) CWE-611 CWE-611 High
WordPress Plugin AlertWire Information Disclosure (1.1.1) CWE-200 CWE-200 High
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0) CWE-200 CWE-200 High
WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve Your SEO Rankings Information Disclosure (2.2.5.1) CVE-2015-0902 CWE-200 CWE-200 High
WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92) CWE-538 CWE-538 High
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0) CWE-22 CWE-22 High
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0) CWE-22 CWE-22 High
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0) CWE-22 CWE-22 High
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0) CWE-22 CWE-22 High
WordPress Plugin BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743 CVE-2013-2744 CWE-200 CWE-200 High
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2) CWE-538 CWE-538 High
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0) CWE-200 CWE-200 High
WordPress Plugin BuddyPress Information Disclosure (5.1.1) CVE-2020-5244 CWE-200 CWE-200 High
WordPress Plugin BulletProof Security Information Disclosure (5.1) CVE-2021-39327 CWE-200 CWE-200 High
WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1) CWE-538 CWE-538 High
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2) CWE-200 CWE-200 High
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6) CWE-538 CWE-538 High
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) CVE-2015-1000005 CWE-22 CWE-22 High
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) CVE-2014-9461 CWE-22 CWE-22 High
WordPress Plugin Cherry Services List Information Disclosure (1.4.1) CWE-200 CWE-200 High
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1) CWE-200 CWE-200 High
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4) CWE-538 CWE-538 High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2) CWE-22 CWE-22 High
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46) CWE-22 CWE-22 High
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11) CWE-538 CWE-538 High
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3) CWE-200 CWE-200 High
WordPress Plugin Contact Form Email Information Disclosure (1.2.66) CWE-200 CWE-200 High
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) CVE-2012-0896 CWE-22 CWE-79 CWE-22 CWE-79 High
WordPress Plugin Count per Day Information Disclosure (3.2.5) CWE-200 CWE-200 High
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5) CWE-22 CWE-22 High
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10) CWE-22 CWE-22 High
WordPress Plugin Credova_Financial Information Disclosure (1.4.8) CVE-2021-39342 CWE-200 CWE-200 High
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15) CWE-538 CWE-538 High
WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4) CWE-200 CWE-200 High
WordPress Plugin Download Monitor Information Disclosure (1.6.3) CWE-538 CWE-538 High
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1) CWE-22 CWE-22 High
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) CVE-2015-4704 CWE-22 CWE-22 High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) CWE-22 CWE-22 High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26) CVE-2020-11738 CWE-538 CWE-538 High
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3) CWE-200 CWE-200 High
WordPress Plugin Easy Author Image Information Disclosure (1.5) CWE-200 CWE-200 High
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0) CWE-22 CWE-22 High
WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6) CWE-200 CWE-200 High
WordPress Plugin Email Log Information Disclosure (1.9) CWE-200 CWE-200 High
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0) CWE-200 CWE-200 High
WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7) CVE-2018-6015 CWE-200 CWE-200 High
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1) CWE-22 CWE-22 High
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6) CVE-2019-19983 CWE-200 CWE-200 High
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1) CWE-22 CWE-22 High
WordPress Plugin File Manager Information Disclosure (6.4) CVE-2020-24312 CWE-200 CWE-200 High
WordPress Plugin Find My Blocks Information Disclosure (3.3.2) CVE-2021-24677 CWE-200 CWE-200 High
WordPress Plugin FireStats Arbitrary File Download (1.6.5) CWE-538 CWE-538 High
WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16) CWE-200 CWE-200 High
WordPress Plugin Formidable Form Builder-Contact Form, Survey & Quiz Forms for WordPress Information Disclosure (2.0.07) CWE-200 CWE-200 High
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) CVE-2012-4920 CWE-22 CWE-22 High
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5) CWE-22 CWE-22 High
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24) CVE-2014-8491 CWE-200 CWE-200 High
WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59) CWE-22 CWE-89 CWE-22 CWE-89 High
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3) CWE-538 CWE-538 High
WordPress Plugin Ghost Arbitrary File Download (0.5.5) CWE-538 CWE-538 High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1) CWE-95 CWE-200 CWE-95 CWE-200 High
WordPress Plugin GlotPress Information Disclosure (2.2.1) CWE-200 CWE-200 High
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0) CVE-2017-5223 CWE-200 CWE-200 High
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) CVE-2012-4915 CWE-22 CWE-22 High
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2) CWE-538 CWE-538 High
WordPress Plugin Gravity Forms Information Disclosure (2.4.8) CVE-2020-13764 CWE-200 CWE-200 High
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (2.0.9.4) CWE-538 CWE-538 High
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0) CWE-538 CWE-538 High
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3) CWE-538 CWE-538 High
WordPress Plugin History Collection Arbitrary File Download (1.1.1) CWE-538 CWE-538 High
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) CVE-2014-9177 CWE-200 CWE-200 High
WordPress Plugin IBS Mappro Arbitrary File Download (0.6) CVE-2015-5472 CWE-22 CWE-22 High
WordPress Plugin Image Export Arbitrary File Download (1.1.0) CVE-2015-5609 CWE-22 CWE-22 High
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42) CWE-22 CWE-22 High
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1) CWE-200 CWE-200 High
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1) CVE-2021-24374 CWE-200 CWE-200 High
WordPress Plugin Jigoshop Information Disclosure (1.17.9) CWE-200 CWE-200 High
WordPress Plugin JM Twitter Cards Information Disclosure (6.1) CWE-200 CWE-200 High
WordPress Plugin Log Emails Information Disclosure (1.0.6) CWE-200 CWE-200 High
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8) CWE-22 CWE-22 High
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0) CWE-538 CWE-538 High
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1) CWE-22 CWE-22 High
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1) CWE-538 CWE-538 High
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0) CWE-200 CWE-200 High
WordPress Plugin Membership Simplified Arbitrary File Download (1.58) CVE-2017-1002008 CWE-538 CWE-538 High
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5) CWE-538 CWE-538 High
WordPress Plugin MetaSlider Information Disclosure (3.3.1) CWE-200 CWE-200 High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4) CWE-538 CWE-538 High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5) CWE-538 CWE-538 High
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2) CVE-2015-1000008 CWE-200 CWE-200 High
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3) CWE-538 CWE-538 High
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0) CWE-538 CWE-538 High
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) CVE-2013-0291 CWE-200 CWE-200 High
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8) CWE-200 CWE-200 High
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512 CWE-79 CWE-200 CWE-79 CWE-200 High
WordPress Plugin Page and Post Clone Information Disclosure (1.1) CWE-200 CWE-200 High
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752 CWE-22 CWE-22 High
WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9) CWE-538 CWE-538 High
WordPress Plugin Paid Memberships Pro Information Disclosure (2.5.2) CWE-200 CWE-200 High
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3) CWE-538 CWE-538 High
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0) CWE-22 CWE-22 High
WordPress Plugin Pike Firewall Information Disclosure (1.4) CWE-200 CWE-200 High
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) CVE-2012-3588 CWE-22 CWE-22 High
WordPress Plugin Popup Maker-Popup Forms, Optins & More Information Disclosure (1.8.11) CVE-2019-17574 CWE-200 CWE-200 High
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6) CWE-538 CWE-538 High
WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1) CWE-538 CWE-538 High
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0) CWE-538 CWE-538 High
WordPress Plugin RB Agency Local File Disclosure (2.4.7) CWE-22 CWE-22 High
WordPress Plugin Recent Backups Arbitrary File Download (0.7) CVE-2015-1000006 CWE-22 CWE-22 High
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) CVE-2015-9464 CWE-22 CWE-22 High
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0) CWE-200 CWE-200 High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1) CVE-2014-9511 CWE-538 CWE-538 High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17) CWE-22 CWE-22 High
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0) CWE-538 CWE-538 High
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4) CWE-200 CWE-200 High
WordPress Plugin ShareYourCart Information Disclosure (1.6.1) CVE-2012-4332 CWE-200 CWE-200 High
WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5) CVE-2014-4942 CWE-200 CWE-200 High
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10) CWE-538 CWE-538 High
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0) CWE-22 CWE-22 High
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) CVE-2012-6313 CWE-200 CWE-200 High
WordPress Plugin Simple History Information Disclosure (1.0.7) CWE-200 CWE-200 High
WordPress Plugin Simple History Information Disclosure (2.7.4) CWE-200 CWE-200 High
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0) CVE-2015-1000010 CWE-538 CWE-538 High
WordPress Plugin Simply Static Arbitrary File Download (1.6.2) CWE-22 CWE-22 High
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4) CWE-538 CWE-538 High
WordPress Plugin Slack-Chat Information Disclosure (1.5.5) CVE-2019-14367 CWE-200 CWE-200 High
WordPress Plugin Slideshow Information Disclosure (2.2.21) CVE-2015-3634 CWE-200 CWE-200 High
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12) CWE-79 CWE-200 CWE-79 CWE-200 High
WordPress Plugin SL User Create Information Disclosure (0.2.4) CWE-200 CWE-200 High
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1) CWE-94 CWE-200 CWE-94 CWE-200 High
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1) CVE-2018-20555 CWE-200 CWE-200 High
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3) CWE-352 CWE-538 CWE-352 CWE-538 High
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0) CWE-200 CWE-200 High
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7) CWE-79 CWE-79 High
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18) CWE-264 CWE-264 High
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4) CWE-203 CWE-203 High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4) CWE-203 CWE-203 High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8) CWE-203 CWE-203 High
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2) CWE-200 CWE-200 High
WordPress Plugin Super Refer A Friend Information Disclosure (1.0) CWE-200 CWE-200 High
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077) CVE-2015-5471 CWE-22 CWE-22 High
WordPress Plugin Theme Editor Arbitrary File Download (2.5) CVE-2021-24154 CWE-538 CWE-538 High
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3) CWE-22 CWE-22 High
WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19) CVE-2021-24585 CWE-200 CWE-200 High
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7) CWE-22 CWE-22 High
WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9) CWE-200 CWE-200 High
WordPress Plugin TRADIES Information Disclosure (2.2.6) CWE-200 CWE-200 High
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1) CWE-22 CWE-22 High
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1) CWE-22 CWE-22 High
WordPress Plugin Ultimate CSV Importer Arbitrary File Disclosure (3.7) CWE-22 CWE-22 High
WordPress Plugin Ultimate CSV Importer Information Disclosure (3.6.74) CWE-200 CWE-200 High
WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5) CWE-200 CWE-200 High
WordPress Plugin UnGallery Local File Disclosure (1.5.8) CWE-22 CWE-22 High
WordPress Plugin Unyson Information Disclosure (2.7.18) CWE-200 CWE-200 High
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5) CWE-538 CWE-538 High
WordPress Plugin User Meta Manager Information Disclosure (3.4.7) CWE-200 CWE-200 High
WordPress Plugin User Profile Picture Information Disclosure (2.4.0) CVE-2021-24170 CWE-200 CWE-200 High
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1) CVE-2012-1786 CWE-200 CWE-200 High
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) CVE-2012-6651 CWE-22 CWE-22 High
WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3) CVE-2019-6715 CWE-538 CWE-538 High
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) CWE-200 CWE-200 High
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10) CVE-2019-15330 CWE-538 CWE-538 High
WordPress Plugin Welcart e-Commerce Information Disclosure (2.2.7) CWE-200 CWE-200 High
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5) CWE-538 CWE-538 High
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5) CWE-200 CWE-200 High
WordPress Plugin WooCommerce Information Disclosure (4.5.2) CVE-2020-29156 CWE-200 CWE-200 High
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1) CWE-200 CWE-200 High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1) CVE-2014-5337 CWE-264 CWE-264 High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) CVE-2015-9269 CWE-200 CWE-200 High
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0) CVE-2015-4703 CWE-538 CWE-538 High
WordPress Plugin WordPress Social Stream Information Disclosure (1.6) CWE-522 CWE-522 High
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60) CWE-22 CWE-22 High
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0) CWE-22 CWE-22 High
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3) CWE-22 CWE-22 High
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28) CWE-200 CWE-200 High
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1) CWE-22 CWE-22 High
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2) CWE-200 CWE-200 High
WordPress Plugin WP Activity Log Information Disclosure (3.1.1) CVE-2018-8719 CWE-200 CWE-200 High
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3) CWE-538 CWE-538 High
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5) CWE-22 CWE-22 High
WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1) CVE-2011-1669 CWE-22 CWE-22 High
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5) CVE-2015-5468 CWE-22 CWE-22 High
WordPress Plugin WP Easy full backup Information Disclosure (1.4) CWE-200 CWE-200 High WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2) CWE-538 CWE-538 High WordPress Plugin WP Import Export Information Disclosure (3.9.15) CVE-2022-0236 CWE-200 CWE-200 High WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15) CVE-2022-0236 CWE-200 CWE-200 High WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1) CVE-2019-14365 CWE-200 CWE-200 High WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0) CVE-2014-9013 CVE-2014-9014 CWE-22 CWE-22 High WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7) CWE-22 CWE-22 High WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) CWE-22 CWE-538 CWE-22 CWE-538 High WordPress Plugin WP PHP widget Information Disclosure (1.0.2) CVE-2013-0721 CWE-200 CWE-200 High WordPress Plugin WP REST API (WP API) Information Disclosure (1.2) CWE-200 CWE-200 High WordPress Plugin WP SlackSync Information Disclosure (1.8.5) CVE-2019-14366 CWE-200 CWE-200 High WordPress Plugin wp superb Slideshow Information Disclosure (2.4) CWE-200 CWE-200 High WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3) CVE-2015-1000007 CWE-538 CWE-538 High WordPress Plugin Yoast SEO Information Disclosure (3.2.4) CWE-200 CWE-200 High WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694 CWE-538 CWE-538 High WordPress REST API User Enumeration CWE-200 CWE-200 Low WordPress username enumeration CWE-200 CWE-200 Medium WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079 CWE-200 CWE-200 High WPEngine _wpeprivate/config.json information disclosure CWE-200 CWE-200 High WS_FTP log file found CWE-538 CWE-538 Medium X-Forwarded-For HTTP header security bypass CWE-287 CWE-287 High XML entity injection CWE-611 CWE-611 
High XML external entity injection CWE-611 CWE-611 High XML external entity injection (variant) CWE-611 CWE-611 High XML external entity injection and XML injection CWE-611 CWE-611 High XML external entity injection via external file CWE-611 CWE-611 High XML external entity injection via File Upload CWE-611 CWE-611 High Yii2 debug toolkit CWE-200 CWE-200 Medium Zend framework configuration file information disclosure CWE-538 CWE-538 High Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161 CWE-611 CWE-611 High