Information Disclosure - Vulnerabilities

Vulnerability Name	CVE	CWE	Severity
.htaccess file readable		CWE-16	Medium
Access database found		CWE-538	Medium
Adobe ColdFusion directory traversal	CVE-2013-3336	CWE-22	High
Amazon S3 public bucket		CWE-264	Medium
Amazon S3 publicly writable bucket		CWE-264	High
Apache 2.0.43 Win32 file reading vulnerability	CVE-2003-0017	CWE-20	High
Apache 2.x version older than 2.0.48	CVE-2003-0542 CVE-2003-0789	CWE-119	Medium
Apache Axis2 administration console weak password		CWE-200	High
Apache Axis2 information disclosure		CWE-200	Medium
Apache Axis2 web services enumeration		CWE-200	Low
Apache httpOnly cookie disclosure	CVE-2012-0053	CWE-264	Medium
Apache mod_negotiation filename bruteforcing		CWE-538	Low
Apache perl-status enabled		CWE-200	Medium
Apache server-info enabled		CWE-200	Medium
Apache server-status enabled		CWE-200	Medium
Apache Solr endpoint		CWE-16	Low
Apache solr service exposed		CWE-16	High
Apache stronghold-info enabled		CWE-200	Low
Apache stronghold-status enabled		CWE-200	Low
Apache Tomcat "allowLinking" on Case Insensitive Filesystems		CWE-538	High
Apache Tomcat directory traversal	CVE-2007-0450	CWE-22	Medium
Apache Tomcat examples directory vulnerabilities		CWE-264	Medium
Apache Tomcat Information Disclosure	CVE-2017-12616	CWE-200	High
Apache Tomcat version older than 4.1.37	CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461	CWE-79	Medium
Apache Tomcat version older than 6.0.11	CVE-2005-2090 CVE-2007-1355	CWE-79	Medium
Apache Tomcat version older than 6.0.35	CVE-2011-3190 CVE-2011-3375 CVE-2012-0022	CWE-264	High
Apache Tomcat version older than 7.0.21	CVE-2011-3190	CWE-264	High
apc.php page found		CWE-538	Medium
Application error message		CWE-200	Medium
Arbitrary file existence disclosure in Action Pack	CVE-2014-7829	CWE-200	Medium
ASP.NET application trace enabled		CWE-16	Medium
ASP.NET custom errors disabled (AcuSensor)		CWE-16	Medium
ASP.NET debugging enabled		CWE-16	Low
ASP.NET diagnostic page		CWE-200	Medium
ASP.NET error message		CWE-16	Medium
ASP.NET MVC version disclosure		CWE-200	Low
ASP.NET padding oracle vulnerability	CVE-2010-3332	CWE-310	High
ASP.NET path disclosure		CWE-200	Low
ASP.NET version disclosure		CWE-200	Low
Atlassian Confluence Access Restriction Bypass	CVE-2017-9505		Medium
Atlassian Confluence information disclosure	CVE-2017-7415		High
Atlassian Confluence Stored Cross Site Scripting	CVE-2016-6283		Medium
Atlassian Jira Manage Filters information disclosure		CWE-200	Low
AWStats script		CWE-538	Medium
Backup files		CWE-538	Medium
Backup files		CWE-538	Medium
Bazaar repository found		CWE-538	High
Bonjour service running		CWE-16	Low
Chrome Logger information disclosure		CWE-16	Medium
ColdFusion path disclosure		CWE-200	Low
Configuration file disclosure		CWE-538	High
Configuration file source code disclosure		CWE-538	High
Core dump checker PHP script		CWE-200	Medium
Core dump file		CWE-200	High
Credit card number disclosed		CWE-200	Medium
CVS web repository		CWE-16	High
Database connection string disclosure		CWE-200	Medium
Development configuration file		CWE-538	Medium
Devise weak password		CWE-200	High
Directory listing		CWE-538	Medium
Django debug mode enabled		CWE-200	Medium
DNS cache snooping		CWE-16	Medium
DNS zone transfer	CVE-1999-0532	CWE-16	High
Documentation file		CWE-538	Low
Dotenv .env file		CWE-538	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554	CWE-264	High
Drupal Backup Migrate directory publicly accessible		CWE-538	High
Drupal Core 5.x Information Disclosure (5.0 - 5.18)	CVE-2009-2374	CWE-200	High
Drupal Core 6.x Information Disclosure (6.0 - 6.30)	CVE-2014-2983	CWE-200	High
Drupal Core 7.x Information Disclosure (7.0 - 7.14)	CVE-2012-2922	CWE-200	High
Drupal Core 7.x Information Disclosure (7.0 - 7.26)	CVE-2014-2983	CWE-200	High
Drupal Views module information disclosure vulnerability		CWE-200	Medium
Elasticsearch service accessible		CWE-16	High
elmah.axd information disclosure		CWE-16	Medium
Email address found		CWE-200	Informational
Environment variable information disclosure		CWE-200	Low
Error message		CWE-200	Medium
Error message on page		CWE-200	Medium
Error page path disclosure		CWE-200	Low
Error page web server version disclosure		CWE-200	Informational
Files listed in robots.txt but not linked		CWE-200	Informational
Finger service running		CWE-16	Medium
Frontpage authors.pwd available		CWE-538	Medium
Frontpage extensions enabled		CWE-16	Low
FTP anonymous logins		CWE-16	Low
FTP anonymous writable directories		CWE-16	Medium
FTP weak password		CWE-16	High
Full public read access Azure blob storage		CWE-264	Medium
Git repository found		CWE-538	High
GlassFish admin console weak credentials		CWE-16	High
Global.asa backup file found		CWE-538	Medium
HTML Form found in redirect page		CWE-287	Low
IBM Web Content Manager XPath injection	CVE-2013-6735	CWE-264	High
IBM WebSphere/WebLogic application source file exposure		CWE-200	High
IBM WebSphere administration console weak password		CWE-200	High
IMAP weak password		CWE-16	High
Insecure transition from HTTPS to HTTP in form post		CWE-200	Low
Insecure transition from HTTP to HTTPS in form post		CWE-200	Medium
Internet Information Server returns IP address in HTTP header (Content-Location)		CWE-200	Low
Javascript eval() usage		CWE-200	Informational
JBoss BSHDeployer MBean		CWE-16	High
JBoss HttpAdaptor JMXInvokerServlet		CWE-16	High
JBoss JMX Console Unrestricted Access		CWE-16	High
JBoss JMX management console		CWE-16	High
JBoss Seam remoting vulnerabilities	CVE-2013-6447 CVE-2013-6448	CWE-611	High
JBoss ServerInfo MBean	CVE-2010-0738	CWE-16	High
JBoss Server MBean		CWE-16	High
JBoss status servlet information leak	CVE-2010-1429	CWE-200	Medium
JBoss Web Console JMX Invoker		CWE-16	High
JBoss web service console		CWE-200	Low
Jenkins dashboard		CWE-200	Medium
JetBrains .idea project directory		CWE-538	Medium
JetLeak vulnerability	CVE-2015-2080	CWE-200	High
Joe Editor DEADJOE file		CWE-538	Low
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)	CVE-2011-4911	CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)		CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)		CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15)	CVE-2010-1432	CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)	CVE-2011-3629	CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)	CVE-2012-1599	CWE-264	High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)		CWE-200	High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)	CVE-2012-0819	CWE-200	High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)	CVE-2012-0821	CWE-200	High
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0)		CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)	CVE-2011-3629	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)	CVE-2011-4937	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)	CVE-2012-0819	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)	CVE-2012-0821	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)	CVE-2012-0835	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)	CVE-2012-0837	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)	CVE-2012-0836	CWE-200	High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)	CVE-2012-0835	CWE-200	High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)	CVE-2012-0837	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3)	CVE-2012-1611	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)	CVE-2012-2748	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8)	CVE-2013-1453	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9)	CVE-2013-3057	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)	CVE-2013-1454	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)	CVE-2013-1453	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)	CVE-2013-1455	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3)	CVE-2013-3057	CWE-200	High
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5)	CVE-2017-14595	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7)	CVE-2018-11325	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7)	CVE-2018-11327	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)	CVE-2017-8057	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1)	CVE-2017-16633	CWE-200	High
Joomla! Core Information Disclosure (1.5.0 - 3.7.5)	CVE-2017-14596	CWE-200	High
Joomla! Core Information Disclosure (1.5.0 - 3.8.1)	CVE-2017-14596	CWE-200	High
JSONP enabled by default in MappingJackson2JsonView	CVE-2018-11040	CWE-538	High
JVM version leakage		CWE-200	Low
Laravel log file publicly accessible		CWE-538	Medium
LDAP anonymous binds		CWE-16	Medium
Macromedia Dreamweaver remote database scripts	CVE-2004-1893	CWE-16	High
Magento Cacheleak		CWE-200	High
MantisBT multiple security issues	CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042	CWE-200	High
Mercurial repository found		CWE-538	High
Microsoft Frontpage configuration information		CWE-200	Informational
Microsoft IIS5 NTLM and Basic authentication bypass	CVE-2007-2815	CWE-264	High
Microsoft IIS Server service.cnf file found		CWE-538	Low
Microsoft IIS tilde directory enumeration		CWE-20	High
Microsoft IIS version disclosure		CWE-200	Informational
Microsoft Office possible sensitive information		CWE-200	Informational
Microsoft SQL Server weak password		CWE-16	High
Minify arbitrary file disclosure	CVE-2013-6619	CWE-538	High
MongoDB HTTP status interface		CWE-16	Medium
Multiple vulnerabilities in Ioncube loader-wizard.php		CWE-16	High
MySQL connection credentials		CWE-538	High
MySQL database dump		CWE-538	Medium
MySQL Server weak password		CWE-16	High
MySQL username disclosure		CWE-538	Low
Nginx memory disclosure with specially crafted HTTP backend responses	CVE-2012-1180	CWE-399	High
Open X11 server		CWE-16	High
Oracle applications logs publicy available		CWE-200	Medium
Oracle Database Listener has no password		CWE-16	High
Oracle JavaServer Faces multiple vulnerabilities	CVE-2013-3827	CWE-22	High
Padding oracle attack		CWE-209	High
Password field submitted using GET method		CWE-200	Medium
Password type input with auto-complete enabled		CWE-200	Informational
PHP-CGI remote code execution	CVE-2012-1823 CVE-2012-2311	CWE-20	High
PHP-FPM Status Page		CWE-200	Medium
PHP.exe Windows CGI for Apache may let remote users view files on the server	CVE-2002-2029	CWE-16	Low
PHP curl_exec() url is controlled by user	CVE-2009-0037	CWE-352	Medium
PHP errors enabled		CWE-16	Medium
PHPinfo page		CWE-200	Medium
PHPinfo page found		CWE-200	Medium
phpMyAdmin SQL dump		CWE-538	Medium
POP3 weak password		CWE-16	High
Possible database backup		CWE-538	High
Possible debug parameter found		CWE-200	Medium
Possible internal IP address disclosure		CWE-200	Informational
Possible remote SWF inclusion	CVE-2007-6244 CVE-2007-6637	CWE-79	Medium
Possible sensitive directories		CWE-200	Low
Possible sensitive files		CWE-200	Low
Possible server path disclosure (Unix)		CWE-200	Informational
Possible server path disclosure (Windows)		CWE-200	Informational
Possible social security number disclosed		CWE-200	Medium
Possible SQL Statement in comment		CWE-200	Low
Possible username or password disclosure		CWE-200	Informational
Possible virtual host found		CWE-200	Low
PostgreSQL weak password		CWE-16	High
Public key certificate		CWE-200	Low
Rails controller possible sensitive information disclosure		CWE-200	Medium
Reachable SharePoint interface		CWE-16	High
Rlogin service running		CWE-16	Low
RSA private key		CWE-200	High
Rsh service running		CWE-16	Low
Ruby on Rails database configuration file		CWE-538	High
Ruby on Rails database connection file		CWE-538	High
Script source code disclosure		CWE-538	High
Sensitive data not encrypted		CWE-200	Low
Sensitive page could be cached		CWE-200	Low
Session token in URL		CWE-200	Low
SFTP/FTP credentials exposure		CWE-200	High
SharePoint exposed web services		CWE-200	Medium
SharePoint user enumeration		CWE-200	High
SMB list shares		CWE-16	Low
SMB null session		CWE-16	Low
SNMP information disclosure		CWE-16	Medium
Snoop Servlet information disclosure	CVE-2012-2170	CWE-200	Medium
Socks weak password		CWE-16	High
Solaris in.fingerd information disclosure vulnerability	CVE-2001-1503	CWE-16	High
Source code disclosure		CWE-538	Medium
SQLite database found		CWE-538	Medium
SSH weak password		CWE-16	High
Suspicious comment		CWE-200	Informational
SVN repository found		CWE-538	High
Sybase server weak password		CWE-307	High
Symfony databases.yml configuration file		CWE-538	High
Symfony web debug toolbar		CWE-16	Medium
Telnet service running		CWE-16	Low
Telnet weak password		CWE-307	High
The Heartbleed Bug	CVE-2014-0160	CWE-200	High
Tiki Wiki CMS: Arbitrary Code Execution			High
Tiki Wiki CMS: Arbitrary File Download			High
Tiki Wiki CMS: Remote Code Execution via Calendar Module			High
Tomcat status page		CWE-200	Low
Trojan horse detected		CWE-507	High
Unencrypted __VIEWSTATE parameter		CWE-200	Medium
Unprotected phpMyAdmin interface		CWE-16	High
vBulletin customer number disclosure	CVE-2013-6129	CWE-264	High
Virtual host directory listing		CWE-538	Medium
W3 total cache debug mode		CWE-16	Medium
Weak password		CWE-200	High
web.xml configuration file disclosure		CWE-538	High
webadmin.php script		CWE-16	High
Webalizer script		CWE-538	Medium
WebDAV directory listing		CWE-538	Medium
WebLogic admin console weak credentials		CWE-16	High
Webmail weak password		CWE-200	High
Web server default welcome page		CWE-16	Informational
WordPress database credentials disclosure		CWE-538	Medium
WordPress debug mode		CWE-200	High
WordPress full path disclosure		CWE-200	Low
WordPress pingback scanner	CVE-2013-0235	CWE-918	Medium
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)	CVE-2007-0540	CWE-200 CWE-400	High
WordPress Plugin Activity Log Information Disclosure (2.2.12)		CWE-200	High
WordPress Plugin Acumbamail Information Disclosure (1.0.4)		CWE-200	High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)		CWE-200	High
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)		CWE-611	High
WordPress Plugin AlertWire Information Disclosure (1.1.1)		CWE-200	High
WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1)	CVE-2015-0902	CWE-200	High
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)		CWE-22	High
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)		CWE-22	High
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)		CWE-22	High
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)		CWE-22	High
WordPress Plugin BackupBuddy Information Disclosure (2.2.28)	CVE-2013-2743 CVE-2013-2744	CWE-200	High
WordPress Plugin Backup Database Backup Information Disclosure (2.0.1)		CWE-538	High
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2)		CWE-538	High
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)		CWE-200	High
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)		CWE-538	High
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)	CVE-2015-1000005	CWE-22	High
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)	CVE-2014-9461	CWE-22	High
WordPress Plugin Cherry Services List Information Disclosure (1.4.1)		CWE-200	High
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)		CWE-200	High
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)		CWE-538	High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)		CWE-22	High
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)		CWE-22	High
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)		CWE-538	High
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)		CWE-200	High
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1)	CVE-2012-0896	CWE-22 CWE-79	High
WordPress Plugin Count per Day Information Disclosure (3.2.5)		CWE-200	High
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)		CWE-22	High
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)		CWE-22	High
WordPress Plugin CSV Import for WordPress Arbitrary File Disclosure (3.7)		CWE-22	High
WordPress Plugin CSV Import for WordPress Information Disclosure (3.6.74)		CWE-200	High
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)		CWE-538	High
WordPress Plugin Download Monitor Information Disclosure (1.6.3)		CWE-538	High
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)		CWE-22	High
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)	CVE-2015-4704	CWE-22	High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)		CWE-22	High
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)		CWE-200	High
WordPress Plugin Easy Author Image Information Disclosure (1.5)		CWE-200	High
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)		CWE-22	High
WordPress Plugin Easy Digital Downloads Information Disclosure (2.7.6)		CWE-200	High
WordPress Plugin eCommerce Shopping Cart by WP EasyCart Information Disclosure (2.0.5)	CVE-2014-4942	CWE-200	High
WordPress Plugin Email Log Information Disclosure (1.9)		CWE-200	High
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)		CWE-200	High
WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7)	CVE-2018-6015	CWE-200	High
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)		CWE-22	High
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)		CWE-22	High
WordPress Plugin FireStats Arbitrary File Download (1.6.5)		CWE-538	High
WordPress Plugin Formidable Forms-Form Builder for WordPress Information Disclosure (2.0.07)		CWE-200	High
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)	CVE-2012-4920	CWE-22	High
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)		CWE-22	High
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)		CWE-538	High
WordPress Plugin Ghost Arbitrary File Download (0.5.5)		CWE-538	High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)		CWE-95 CWE-200	High
WordPress Plugin GlotPress Information Disclosure (2.2.1)		CWE-200	High
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)	CVE-2017-5223	CWE-200	High
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)	CVE-2012-4915	CWE-22	High
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)		CWE-538	High
WordPress Plugin Grand Flagallery-Photo Gallery Information Disclosure (4.24)	CVE-2014-8491	CWE-200	High
WordPress Plugin GRAND Flash Album Gallery SQL Injection and Information Disclosure Vulnerabilities (0.59)		CWE-22 CWE-89	High
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)		CWE-538	High
WordPress Plugin History Collection Arbitrary File Download (1.1.1)		CWE-538	High
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)	CVE-2014-9177	CWE-200	High
WordPress Plugin IBS Mappro Arbitrary File Download (0.6)	CVE-2015-5472	CWE-22	High
WordPress Plugin Image Export Arbitrary File Download (1.1.0)	CVE-2015-5609	CWE-22	High
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)		CWE-22	High
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)		CWE-200	High
WordPress Plugin Jigoshop Information Disclosure (1.17.9)		CWE-200	High
WordPress Plugin JM Twitter Cards Information Disclosure (6.1)		CWE-200	High
WordPress Plugin Log Emails Information Disclosure (1.0.6)		CWE-200	High
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)		CWE-22	High
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)		CWE-538	High
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)		CWE-22	High
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)		CWE-200	High
WordPress Plugin Membership Simplified Arbitrary File Download (1.58)	CVE-2017-1002008	CWE-538	High
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)		CWE-538	High
WordPress Plugin Meta Slider Information Disclosure (3.3.1)		CWE-200	High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)		CWE-538	High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)		CWE-538	High
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)	CVE-2015-1000008	CWE-200	High
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)		CWE-538	High
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)		CWE-538	High
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)	CVE-2013-0291	CWE-200	High
WordPress Plugin Order/Coupon/Subscription Export Import Plugin for WooCommerce (BASIC) Information Disclosure (1.0.8)		CWE-200	High
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)	CVE-2012-6511 CVE-2012-6512	CWE-79 CWE-200	High
WordPress Plugin Page and Post Clone Information Disclosure (1.1)		CWE-200	High
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)	CVE-2008-5752	CWE-22	High
WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9)		CWE-538	High
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)		CWE-538	High
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)		CWE-22	High
WordPress Plugin Pike Firewall Information Disclosure (1.4)		CWE-200	High
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)	CVE-2012-3588	CWE-22	High
WordPress Plugin RB Agency Local File Disclosure (2.4.7)		CWE-22	High
WordPress Plugin Recent Backups Arbitrary File Download (0.7)	CVE-2015-1000006	CWE-22	High
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)		CWE-22	High
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)		CWE-200	High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)	CVE-2014-9511	CWE-538	High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)		CWE-22	High
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)		CWE-538	High
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)		CWE-200	High
WordPress Plugin ShareYourCart Information Disclosure (1.6.1)	CVE-2012-4332	CWE-200	High
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)		CWE-538	High
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)		CWE-22	High
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)	CVE-2012-6313	CWE-200	High
WordPress Plugin Simple History Information Disclosure (1.0.7)		CWE-200	High
WordPress Plugin Simple History Information Disclosure (2.7.4)		CWE-200	High
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)	CVE-2015-1000010	CWE-538	High
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)		CWE-22	High
WordPress Plugin Slideshow Information Disclosure (2.2.21)	CVE-2015-3634	CWE-200	High
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)		CWE-79 CWE-200	High
WordPress Plugin SL User Create Information Disclosure (0.2.4)		CWE-200	High
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)		CWE-94 CWE-200	High
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)		CWE-352 CWE-538	High
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)		CWE-200	High
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)		CWE-79	High
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)		CWE-203	High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)		CWE-203	High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)		CWE-203	High
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)		CWE-200	High
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)		CWE-200	High
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)	CVE-2015-5471	CWE-22	High
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)		CWE-22	High
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)		CWE-22	High
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)		CWE-22	High
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)		CWE-22	High
WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5)		CWE-200	High
WordPress Plugin UnGallery Local File Disclosure (1.5.8)		CWE-22	High
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)		CWE-538	High
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)		CWE-200	High
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)	CVE-2012-1786	CWE-200	High
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)	CVE-2012-6651	CWE-22	High
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)		CWE-200	High
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)		CWE-200	High
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)		CWE-200	High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)	CVE-2014-5337	CWE-264	High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)		CWE-200	High
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)	CVE-2015-4703	CWE-538	High
WordPress Plugin WordPress Social Stream Information Disclosure (1.6)		CWE-522	High
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)		CWE-22	High
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)		CWE-22	High
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)		CWE-22	High
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)		CWE-22	High
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)		CWE-200	High
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)		CWE-538	High
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)		CWE-22	High
WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)	CVE-2011-1669	CWE-22	High
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)	CVE-2015-5468	CWE-22	High
WordPress Plugin WP Easy full backup Information Disclosure (1.4)		CWE-200	High
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)		CWE-538	High
WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)	CVE-2014-9013 CVE-2014-9014	CWE-22	High
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)		CWE-22	High
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)		CWE-22 CWE-538	High
WordPress Plugin WP PHP widget Information Disclosure (1.0.2)	CVE-2013-0721	CWE-200	High
WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)		CWE-200	High
WordPress Plugin WP Security Audit Log Information Disclosure (3.1.1)	CVE-2018-8719	CWE-200	High
WordPress Plugin wp superb Slideshow Information Disclosure (2.4)		CWE-200	High
WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)	CVE-2015-1000007	CWE-538	High
WordPress Plugin Yoast SEO Information Disclosure (3.2.4)		CWE-200	High
WordPress Plugin Zip Attachments Arbitrary File Download (1.4)	CVE-2015-4694	CWE-538	High
WordPress REST API User Enumeration		CWE-200	Low
WordPress username enumeration		CWE-200	Medium
WordPress W3 Total Cache plugin predictable cache filenames	CVE-2012-6077 CVE-2012-6078 CVE-2012-6079	CWE-200	High
WS_FTP log file found		CWE-538	Medium
X-Forwarded-For HTTP header security bypass		CWE-287	High
XML external entity injection		CWE-611	High
XML external entity injection and XML injection		CWE-611	High
XML external entity injection via external file		CWE-611	High
XML external entity injection via File Upload		CWE-611	High
Yii2 debug toolkit		CWE-200	Medium
Zend framework configuration file information disclosure		CWE-538	High
Zend Framework local file disclosure via XXE injection	CVE-2012-3363	CWE-611	High

.htaccess file readable

CWE-16

Medium

Access database found

CWE-538

Medium

Adobe ColdFusion directory traversal

CVE-2013-3336

CWE-22

High

Amazon S3 public bucket

CWE-264