Information Disclosure Vulnerabilities

  1. Web Vulnerabilities
  2. Information Disclosure Vulnerabilities
Vulnerability Name CVE CWE Severity
.htaccess file readable CWE-16  Medium
Access database found CWE-538  Medium
Adobe ColdFusion directory traversal CVE-2013-3336  CWE-22  High
Amazon S3 public bucket CWE-264  Medium
Amazon S3 publicly writable bucket CWE-264  High
Apache 2.0.43 Win32 file reading vulnerability CVE-2003-0017  CWE-20  High
Apache 2.x version older than 2.0.48 CVE-2003-0542  CVE-2003-0789  CWE-119  Medium
Apache Axis2 administration console weak password CWE-200  High
Apache Axis2 information disclosure CWE-200  Medium
Apache Axis2 web services enumeration CWE-200  Low
Apache httpOnly cookie disclosure CVE-2012-0053  CWE-264  Medium
Apache mod_negotiation filename bruteforcing CWE-538  Low
Apache perl-status enabled CWE-200  Medium
Apache server-info enabled CWE-200  Medium
Apache server-status enabled CWE-200  Medium
Apache Solr endpoint CWE-16  Low
Apache solr service exposed CWE-16  High
Apache stronghold-info enabled CWE-200  Low
Apache stronghold-status enabled CWE-200  Low
Apache Tomcat "allowLinking" on Case Insensitive Filesystems CWE-538  High
Apache Tomcat directory traversal CVE-2007-0450  CWE-22  Medium
Apache Tomcat examples directory vulnerabilities CWE-264  Medium
Apache Tomcat Information Disclosure CVE-2017-12616  CWE-200  High
Apache Tomcat version older than 4.1.37 CVE-2005-3164  CVE-2007-1355  CVE-2007-2449  CVE-2007-2450  CVE-2007-3382  CVE-2007-3383  CVE-2007-3385  CVE-2007-5333  CVE-2007-5461  CWE-79  Medium
Apache Tomcat version older than 6.0.11 CVE-2005-2090  CVE-2007-1355  CWE-79  Medium
Apache Tomcat version older than 6.0.35 CVE-2011-3190  CVE-2011-3375  CVE-2012-0022  CWE-264  High
Apache Tomcat version older than 7.0.21 CVE-2011-3190  CWE-264  High
apc.php page found CWE-538  Medium
Application error message CWE-200  Medium
Arbitrary file existence disclosure in Action Pack CVE-2014-7829  CWE-200  Medium
ASP.NET application trace enabled CWE-16  Medium
ASP.NET custom errors disabled (AcuSensor) CWE-16  Medium
ASP.NET debugging enabled CWE-16  Low
ASP.NET diagnostic page CWE-200  Medium
ASP.NET error message CWE-16  Medium
ASP.NET MVC version disclosure CWE-200  Low
ASP.NET padding oracle vulnerability CVE-2010-3332  CWE-310  High
ASP.NET path disclosure CWE-200  Low
ASP.NET version disclosure CWE-200  Low
Atlassian Confluence Access Restriction Bypass CVE-2017-9505  Medium
Atlassian Confluence information disclosure CVE-2017-7415  High
Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283  Medium
Atlassian Jira Manage Filters information disclosure CWE-200  Low
AWStats script CWE-538  Medium
Backup files CWE-538  Medium
Backup files CWE-538  Medium
Bazaar repository found CWE-538  High
Bonjour service running CWE-16  Low
Chrome Logger information disclosure CWE-16  Medium
ColdFusion path disclosure CWE-200  Low
ColdFusion Request Debugging information disclosure CWE-200  Medium
ColdFusion Robust Exception enabled CWE-200  Medium
Configuration file disclosure CWE-538  High
Configuration file source code disclosure CWE-538  High
Core dump checker PHP script CWE-200  Medium
Core dump file CWE-200  High
Credit card number disclosed CWE-200  Medium
CVS web repository CWE-16  High
Database connection string disclosure CWE-200  Medium
Development configuration file CWE-538  Medium
Devise weak password CWE-200  High
Directory listing CWE-538  Medium
Django debug mode enabled CWE-200  Medium
DNS cache snooping CWE-16  Medium
DNS zone transfer CVE-1999-0532  CWE-16  High
Documentation file CWE-538  Low
Dotenv .env file CWE-538  High
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553  CVE-2012-4554  CWE-264  High
Drupal Backup Migrate directory publicly accessible CWE-538  High
Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374  CWE-200  High
Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983  CWE-200  High
Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922  CWE-200  High
Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983  CWE-200  High
Drupal Views module information disclosure vulnerability CWE-200  Medium
Elasticsearch service accessible CWE-16  High
elmah.axd information disclosure CWE-16  Medium
Email address found CWE-200  Informational
Environment variable information disclosure CWE-200  Low
Error message CWE-200  Medium
Error message on page CWE-200  Medium
Error page path disclosure CWE-200  Low
Error page web server version disclosure CWE-200  Informational
Files listed in robots.txt but not linked CWE-200  Informational
Finger service running CWE-16  Medium
Frontpage authors.pwd available CWE-538  Medium
Frontpage extensions enabled CWE-16  Low
FTP anonymous logins CWE-16  Low
FTP anonymous writable directories CWE-16  Medium
FTP weak password CWE-16  High
Full public read access Azure blob storage CWE-264  Medium
Git repository found CWE-538  High
GlassFish admin console weak credentials CWE-16  High
Global.asa backup file found CWE-538  Medium
HTML Form found in redirect page CWE-287  Low
IBM Web Content Manager XPath injection CVE-2013-6735  CWE-264  High
IBM WebSphere/WebLogic application source file exposure CWE-200  High
IBM WebSphere administration console weak password CWE-200  High
IMAP weak password CWE-16  High
Insecure transition from HTTPS to HTTP in form post CWE-200  Low
Insecure transition from HTTP to HTTPS in form post CWE-200  Medium
Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200  Low
Javascript eval() usage CWE-200  Informational
JBoss BSHDeployer MBean CWE-16  High
JBoss HttpAdaptor JMXInvokerServlet CWE-16  High
JBoss JMX Console Unrestricted Access CWE-16  High
JBoss JMX management console CWE-16  High
JBoss Seam remoting vulnerabilities CVE-2013-6447  CVE-2013-6448  CWE-611  High
JBoss ServerInfo MBean CVE-2010-0738  CWE-16  High
JBoss Server MBean CWE-16  High
JBoss status servlet information leak CVE-2010-1429  CWE-200  Medium
JBoss Web Console JMX Invoker CWE-16  High
JBoss web service console CWE-200  Low
Jenkins dashboard CWE-200  Medium
Jenkins user enumeration CWE-200  Low
Jenkins weak password CWE-200  High
JetBrains .idea project directory CWE-538  Medium
JetLeak vulnerability CVE-2015-2080  CWE-200  High
Joe Editor DEADJOE file CWE-538  Low
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911  CWE-200  High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) CWE-200  High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) CWE-200  High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432  CWE-200  High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629  CWE-200  High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599  CWE-264  High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) CWE-200  High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0819  CWE-200  High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821  CWE-200  High
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0) CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937  CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-3629  CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0821  CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819  CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0837  CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836  CWE-200  High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0835  CWE-200  High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0837  CWE-200  High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0835  CWE-200  High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611  CWE-200  High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748  CWE-200  High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453  CWE-200  High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057  CWE-200  High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1454  CWE-200  High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1453  CWE-200  High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455  CWE-200  High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057  CWE-200  High
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) CVE-2017-14595  CWE-200  High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) CVE-2018-11325  CWE-200  High
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) CVE-2018-11327  CWE-200  High
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) CVE-2017-8057  CWE-200  High
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) CVE-2017-16633  CWE-200  High
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) CVE-2017-14596  CWE-200  High
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) CVE-2017-14596  CWE-200  High
JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040  CWE-538  Medium
JVM version leakage CWE-200  Low
Laravel log file publicly accessible CWE-538  Medium
LDAP anonymous binds CWE-16  Medium
Macromedia Dreamweaver remote database scripts CVE-2004-1893  CWE-16  High
Magento Cacheleak CWE-200  High
MantisBT multiple security issues CVE-2014-9571  CVE-2014-9572  CVE-2014-9573  CVE-2014-9624  CVE-2015-1042  CWE-200  High
Mercurial repository found CWE-538  High
Microsoft Frontpage configuration information CWE-200  Informational
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815  CWE-264  High
Microsoft IIS Server service.cnf file found CWE-538  Low
Microsoft IIS tilde directory enumeration CWE-20  High
Microsoft IIS version disclosure CWE-200  Informational
Microsoft Office possible sensitive information CWE-200  Informational
Microsoft SQL Server weak password CWE-16  High
Minify arbitrary file disclosure CVE-2013-6619  CWE-538  High
MongoDB HTTP status interface CWE-16  Medium
Multiple vulnerabilities in Ioncube loader-wizard.php CWE-16  High
MySQL connection credentials CWE-538  High
MySQL database dump CWE-538  Medium
MySQL Server weak password CWE-16  High
MySQL username disclosure CWE-538  Low
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180  CWE-399  High
NGINX range filter integer overflow CVE-2017-7529  CWE-200  Medium
npm log file publicly accessible (npm-debug.log) CWE-200  Medium
Open X11 server CWE-16  High
Oracle applications logs publicy available CWE-200  Medium
Oracle Database Listener has no password CWE-16  High
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827  CWE-22  High
Oracle Reports Services RWServlet environment variables disclosure CWE-200  Low
Padding oracle attack CWE-209  High
Password field submitted using GET method CWE-200  Medium
Password type input with auto-complete enabled CWE-200  Informational
PHP-CGI remote code execution CVE-2012-1823  CVE-2012-2311  CWE-20  High
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) CWE-200  Medium
PHP-FPM Status Page CWE-200  Medium
PHP.exe Windows CGI for Apache may let remote users view files on the server CVE-2002-2029  CWE-16  Low
PHP curl_exec() url is controlled by user CVE-2009-0037  CWE-352  Medium
PHP errors enabled CWE-16  Medium
PHPinfo page CWE-200  Medium
PHPinfo page found CWE-200  Medium
phpMyAdmin SQL dump CWE-538  Medium
POP3 weak password CWE-16  High
Possible database backup CWE-538  High
Possible debug parameter found CWE-200  Medium
Possible internal IP address disclosure CWE-200  Informational
Possible remote SWF inclusion CVE-2007-6244  CVE-2007-6637  CWE-79  Medium
Possible sensitive directories CWE-200  Low
Possible sensitive files CWE-200  Low
Possible server path disclosure (Unix) CWE-200  Informational
Possible server path disclosure (Windows) CWE-200  Informational
Possible social security number disclosed CWE-200  Medium
Possible SQL Statement in comment CWE-200  Low
Possible username or password disclosure CWE-200  Informational
Possible virtual host found CWE-200  Low
PostgreSQL weak password CWE-16  High
Public key certificate CWE-200  Low
Rails controller possible sensitive information disclosure CWE-200  Medium
Reachable SharePoint interface CWE-16  High
Rlogin service running CWE-16  Low
RSA private key CWE-200  High
Rsh service running CWE-16  Low
Ruby on Rails database configuration file CWE-538  High
Ruby on Rails database connection file CWE-538  High
Script source code disclosure CWE-538  High
Sensitive data not encrypted CWE-200  Low
Sensitive page could be cached CWE-200  Low
Session token in URL CWE-200  Low
SFTP/FTP credentials exposure CWE-200  High
SharePoint exposed web services CWE-200  Medium
SharePoint user enumeration CWE-200  High
SMB list shares CWE-16  Low
SMB null session CWE-16  Low
SNMP information disclosure CWE-16  Medium
Snoop Servlet information disclosure CVE-2012-2170  CWE-200  Medium
Socks weak password CWE-16  High
Solaris in.fingerd information disclosure vulnerability CVE-2001-1503  CWE-16  High
Source code disclosure CWE-538  Medium
SQLite database found CWE-538  Medium
SSH weak password CWE-16  High
Stack Trace Disclosure (Apache MyFaces) CWE-209  Low
Stack Trace Disclosure (Apache MyFaces) CWE-209  Low
Stack Trace Disclosure (ASP.NET) CWE-209  Low
Stack Trace Disclosure (CakePHP) CWE-209  Low
Stack Trace Disclosure (CherryPy) CWE-209  Low
Stack Trace Disclosure (ColdFusion) CWE-209  Low
Stack Trace Disclosure (Grails) CWE-209  Low
Stack Trace Disclosure (Java) CWE-209  Low
Stack Trace Disclosure (Laravel) CWE-209  Low
Stack Trace Disclosure (Python) CWE-209  Low
Stack Trace Disclosure (Rails) CWE-209  Low
Stack Trace Disclosure (Ruby) CWE-209  Low
Stack Trace Disclosure (Tomcat) CWE-209  Low
Suspicious comment CWE-200  Informational
SVN repository found CWE-538  High
Sybase server weak password CWE-307  High
Symfony databases.yml configuration file CWE-538  High
Symfony web debug toolbar CWE-16  Medium
Telnet service running CWE-16  Low
Telnet weak password CWE-307  High
The Heartbleed Bug CVE-2014-0160  CWE-200  High
Tiki Wiki CMS: Arbitrary Code Execution High
Tiki Wiki CMS: Arbitrary File Download High
Tiki Wiki CMS: Remote Code Execution via Calendar Module High
Tomcat status page CWE-200  Low
Trojan horse detected CWE-507  High
Unencrypted __VIEWSTATE parameter CWE-200  Medium
Unprotected phpMyAdmin interface CWE-16  High
vBulletin customer number disclosure CVE-2013-6129  CWE-264  High
Virtual host directory listing CWE-538  Medium
W3 total cache debug mode CWE-16  Medium
Weak password CWE-200  High
web.xml configuration file disclosure CWE-538  High
webadmin.php script CWE-16  High
Webalizer script CWE-538  Medium
WebDAV directory listing CWE-538  Medium
WebLogic admin console weak credentials CWE-16  High
Webmail weak password CWE-200  High
Web server default welcome page CWE-16  Informational
WordPress database credentials disclosure CWE-538  Medium
WordPress debug mode CWE-200  High
WordPress full path disclosure CWE-200  Low
WordPress pingback scanner CVE-2013-0235  CWE-918  Medium
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540  CWE-200  CWE-400  High
WordPress Plugin Activity Log Information Disclosure (2.2.12) CWE-200  High
WordPress Plugin Acumbamail Information Disclosure (1.0.4) CWE-200  High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0) CWE-200  High
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4) CWE-611  High
WordPress Plugin AlertWire Information Disclosure (1.1.1) CWE-200  High
WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1) CVE-2015-0902  CWE-200  High
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0) CWE-22  High
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0) CWE-22  High
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0) CWE-22  High
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0) CWE-22  High
WordPress Plugin BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743  CVE-2013-2744  CWE-200  High
WordPress Plugin Backup Database Backup Information Disclosure (2.0.1) CWE-538  High
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2) CWE-538  High
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0) CWE-200  High
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2) CWE-200  High
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6) CWE-538  High
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) CVE-2015-1000005  CWE-22  High
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) CVE-2014-9461  CWE-22  High
WordPress Plugin Cherry Services List Information Disclosure (1.4.1) CWE-200  High
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1) CWE-200  High
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4) CWE-538  High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2) CWE-22  High
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46) CWE-22  High
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11) CWE-538  High
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3) CWE-200  High
WordPress Plugin Contact Form Email Information Disclosure (1.2.66) CWE-200  High
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) CVE-2012-0896  CWE-22  CWE-79  High
WordPress Plugin Count per Day Information Disclosure (3.2.5) CWE-200  High
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5) CWE-22  High
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10) CWE-22  High
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15) CWE-538  High
WordPress Plugin Download Monitor Information Disclosure (1.6.3) CWE-538  High
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1) CWE-22  High
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) CVE-2015-4704  CWE-22  High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) CWE-22  High
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3) CWE-200  High
WordPress Plugin Easy Author Image Information Disclosure (1.5) CWE-200  High
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0) CWE-22  High
WordPress Plugin Easy Digital Downloads Information Disclosure (2.7.6) CWE-200  High
WordPress Plugin eCommerce Shopping Cart by WP EasyCart Information Disclosure (2.0.5) CVE-2014-4942  CWE-200  High
WordPress Plugin Email Log Information Disclosure (1.9) CWE-200  High
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0) CWE-200  High
WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7) CVE-2018-6015  CWE-200  High
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1) CWE-22  High
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1) CWE-22  High
WordPress Plugin FireStats Arbitrary File Download (1.6.5) CWE-538  High
WordPress Plugin Formidable Forms-Form Builder for WordPress Information Disclosure (2.0.07) CWE-200  High
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) CVE-2012-4920  CWE-22  High
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5) CWE-22  High
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3) CWE-538  High
WordPress Plugin Ghost Arbitrary File Download (0.5.5) CWE-538  High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1) CWE-95  CWE-200  High
WordPress Plugin GlotPress Information Disclosure (2.2.1) CWE-200  High
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0) CVE-2017-5223  CWE-200  High
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) CVE-2012-4915  CWE-22  High
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2) CWE-538  High
WordPress Plugin Grand Flagallery-Photo Gallery Information Disclosure (4.24) CVE-2014-8491  CWE-200  High
WordPress Plugin GRAND Flash Album Gallery SQL Injection and Information Disclosure Vulnerabilities (0.59) CWE-22  CWE-89  High
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0) CWE-538  High
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3) CWE-538  High
WordPress Plugin History Collection Arbitrary File Download (1.1.1) CWE-538  High
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) CVE-2014-9177  CWE-200  High
WordPress Plugin IBS Mappro Arbitrary File Download (0.6) CVE-2015-5472   CWE-22  High
WordPress Plugin Image Export Arbitrary File Download (1.1.0) CVE-2015-5609   CWE-22  High
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42) CWE-22  High
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1) CWE-200  High
WordPress Plugin Jigoshop Information Disclosure (1.17.9) CWE-200  High
WordPress Plugin JM Twitter Cards Information Disclosure (6.1) CWE-200  High
WordPress Plugin Log Emails Information Disclosure (1.0.6) CWE-200  High
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8) CWE-22  High
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0) CWE-538  High
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1) CWE-22  High
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0) CWE-200  High
WordPress Plugin Membership Simplified Arbitrary File Download (1.58) CVE-2017-1002008  CWE-538  High
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5) CWE-538  High
WordPress Plugin Meta Slider Information Disclosure (3.3.1) CWE-200  High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4) CWE-538  High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5) CWE-538  High
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2) CVE-2015-1000008  CWE-200  High
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3) CWE-538  High
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0) CWE-538  High
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) CVE-2013-0291   CWE-200  High
WordPress Plugin Order/Coupon/Subscription Export Import Plugin for WooCommerce (BASIC) Information Disclosure (1.0.8) CWE-200  High
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511  CVE-2012-6512  CWE-79  CWE-200  High
WordPress Plugin Page and Post Clone Information Disclosure (1.1) CWE-200  High
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752  CWE-22  High
WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9) CWE-538  High
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3) CWE-538  High
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0) CWE-22  High
WordPress Plugin Pike Firewall Information Disclosure (1.4) CWE-200  High
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) CVE-2012-3588  CWE-22  High
WordPress Plugin RB Agency Local File Disclosure (2.4.7) CWE-22  High
WordPress Plugin Recent Backups Arbitrary File Download (0.7) CVE-2015-1000006  CWE-22  High
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) CWE-22  High
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0) CWE-200  High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1) CVE-2014-9511  CWE-538  High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17) CWE-22  High
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0) CWE-538  High
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4) CWE-200  High
WordPress Plugin ShareYourCart Information Disclosure (1.6.1) CVE-2012-4332  CWE-200  High
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10) CWE-538  High
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0) CWE-22  High
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) CVE-2012-6313  CWE-200  High
WordPress Plugin Simple History Information Disclosure (1.0.7) CWE-200  High
WordPress Plugin Simple History Information Disclosure (2.7.4) CWE-200  High
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0) CVE-2015-1000010  CWE-538  High
WordPress Plugin Simply Static Arbitrary File Download (1.6.2) CWE-22  High
WordPress Plugin Slideshow Information Disclosure (2.2.21) CVE-2015-3634  CWE-200  High
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12) CWE-79  CWE-200  High
WordPress Plugin SL User Create Information Disclosure (0.2.4) CWE-200  High
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1) CWE-94  CWE-200  High
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1) CVE-2018-20555  CWE-200  High
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3) CWE-352  CWE-538  High
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0) CWE-200  High
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7) CWE-79  High
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18) CWE-264  High
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4) CWE-203  High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4) CWE-203  High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8) CWE-203  High
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2) CWE-200  High
WordPress Plugin Super Refer A Friend Information Disclosure (1.0) CWE-200  High
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077) CVE-2015-5471   CWE-22  High
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3) CWE-22  High
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7) CWE-22  High
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1) CWE-22  High
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1) CWE-22  High
WordPress Plugin Ultimate CSV Importer Arbitrary File Disclosure (3.7) CWE-22  High
WordPress Plugin Ultimate CSV Importer Information Disclosure (3.6.74) CWE-200  High
WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5) CWE-200  High
WordPress Plugin UnGallery Local File Disclosure (1.5.8) CWE-22  High
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5) CWE-538  High
WordPress Plugin User Meta Manager Information Disclosure (3.4.7) CWE-200  High
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1) CVE-2012-1786  CWE-200  High
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) CVE-2012-6651  CWE-22  High
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) CWE-200  High
WordPress Plugin WebP Express Arbitrary File Disclosure (0.10.0) CWE-538  High
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5) CWE-538  High
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5) CWE-200  High
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1) CWE-200  High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1) CVE-2014-5337  CWE-264  High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) CVE-2015-9269  CWE-200  High
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0) CVE-2015-4703  CWE-538  High
WordPress Plugin WordPress Social Stream Information Disclosure (1.6) CWE-522  High
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60) CWE-22  High
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0) CWE-22  High
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3) CWE-22  High
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1) CWE-22  High
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2) CWE-200  High
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3) CWE-538  High
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5) CWE-22  High
WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1) CVE-2011-1669  CWE-22  High
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5) CVE-2015-5468   CWE-22  High
WordPress Plugin WP Easy full backup Information Disclosure (1.4) CWE-200  High
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2) CWE-538  High
WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0) CVE-2014-9013  CVE-2014-9014  CWE-22  High
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7) CWE-22  High
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) CWE-22  CWE-538  High
WordPress Plugin WP PHP widget Information Disclosure (1.0.2) CVE-2013-0721  CWE-200  High
WordPress Plugin WP REST API (WP API) Information Disclosure (1.2) CWE-200  High
WordPress Plugin WP Security Audit Log Information Disclosure (3.1.1) CVE-2018-8719  CWE-200  High
WordPress Plugin wp superb Slideshow Information Disclosure (2.4) CWE-200  High
WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3) CVE-2015-1000007  CWE-538  High
WordPress Plugin Yoast SEO Information Disclosure (3.2.4) CWE-200  High
WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694   CWE-538  High
WordPress REST API User Enumeration CWE-200  Low
WordPress username enumeration CWE-200  Medium
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077  CVE-2012-6078  CVE-2012-6079  CWE-200  High
WPEngine _wpeprivate/config.json information disclosure CWE-200  High
WS_FTP log file found CWE-538  Medium
X-Forwarded-For HTTP header security bypass CWE-287  High
XML external entity injection CWE-611  High
XML external entity injection and XML injection CWE-611  High
XML external entity injection via external file CWE-611  High
XML external entity injection via File Upload CWE-611  High
Yii2 debug toolkit CWE-200  Medium
Zend framework configuration file information disclosure CWE-538  High
Zend Framework local file disclosure via XXE injection CVE-2012-3363  CWE-611  High