Vulnerability Name CVE Severity
.htaccess File Detected
A2 Optimized WP Information Disclosure (
AccessAlly Information Disclosure (3.5.6) CVE-2021-24226
ACF to REST API Information Disclosure (3.2.0) CVE-2020-13700
Activity Log Information Disclosure (2.2.12)
Acumbamail Information Disclosure (1.0.4)
Adminer 4.6.2 file disclosure vulnerability
Adobe ColdFusion directory traversal CVE-2013-3336
Advanced Contact form 7 DB Information Disclosure (1.1.0)
Advanced Contact form 7 DB Information Disclosure (1.6.2)
Advanced Custom Fields (ACF) Information Disclosure (6.0.2) CVE-2022-40696
Advanced Custom Fields PRO Information Disclosure (6.0.2) CVE-2022-40696
Advanced Woo Search Information Disclosure (1.99) CVE-2020-12070
Advanced XML Reader XML External Entity Information Disclosure (0.3.4)
AlertWire Information Disclosure (1.1.1)
All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2) CVE-2022-4346
All-in-One WP Migration Information Disclosure (7.0)
All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure ( CVE-2015-0902
Amazon S3 public bucket
Amazon S3 publicly writable bucket
Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789
Apache Axis2 administration console weak password
Apache Axis2 information disclosure
Apache Axis2 web services enumeration
Apache Axis2 xsd local file inclusion
Apache balancer-manager application publicly accessible
Apache httpOnly cookie disclosure CVE-2012-0053
Apache mod_negotiation filename bruteforcing
Apache OFBiz Log4Shell RCE CVE-2021-44228
Apache perl-status enabled
Apache Server-Info Detected
Apache Server-Status Detected
Apache Solr endpoint
Apache Solr Log4Shell RCE CVE-2021-44228
Apache solr service exposed
Apache stronghold-info enabled
Apache stronghold-status enabled
Apache Tomcat examples directory vulnerabilities
Apache Tomcat Information Disclosure CVE-2017-7674 CVE-2017-12616
Apache Tomcat sample files
Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461
Apache Tomcat version older than 5.5.26 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286
Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355
Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022
Apache Tomcat version older than 7.0.21 CVE-2011-3190
apc.php page found
API Sensitive Info(PII) accessible without authentication
ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)
Arbitrary file existence disclosure in Action Pack CVE-2014-7829
Arbitrary File Read on Nuxt.js Development Server
Arbitrary local file read via file upload
ASP.NET application-level tracing enabled
ASP.NET connection strings stored in plaintext
ASP.NET Core Development Mode enabled
ASP.NET CustomErrors Is Disabled
ASP.NET debugging enabled
ASP.NET diagnostic page
ASP.NET error message
ASP.NET path disclosure
ASP.NET viewstate encryption disabled
ASP.NET WCF service include exception details
Aspose Cloud eBook Generator Arbitrary File Download (1.0)
Aspose DOC Exporter Arbitrary File Download (1.0)
Aspose Importer & Exporter Arbitrary File Download (2.0)
Aspose PDF Exporter Arbitrary File Download (1.0)
Atlassian Confluence Access Restriction Bypass CVE-2017-9505
Atlassian Confluence information disclosure CVE-2017-7415
Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283
Atlassian Jira Manage Filters information disclosure
BackupBuddy Arbitrary File Download ( CVE-2022-31474
BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743 CVE-2013-2744
Bazaar repository found
Be POPIA Compliant Information Disclosure (1.1.5) CVE-2022-1186
Better WordPress Minify Arbitrary File Disclosure (1.2.2)
Bitrix server test script publicly accessible
Breadcrumb NavXT Information Disclosure (6.1.0)
BuddyPress Information Disclosure (5.1.1) CVE-2020-5244
BulletProof Security Information Disclosure (5.1) CVE-2021-39327
Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1)
Caldera Forms-More Than Contact Forms Information Disclosure (
Candidate Application Form Arbitrary File Disclosure (1.6)
Candidate Application Form Arbitrary File Download (1.0) CVE-2015-1000005
Cart66 Pro Arbitrary File Disclosure (1.5.3) CVE-2014-9461
Cherry Services List Information Disclosure (1.4.1)
Cherry Team Members Information Disclosure (1.4.1)
Child Theme Configurator Arbitrary File Disclosure (1.7.4)
Chrome Logger information disclosure
Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) CVE-2020-8193
Clockwork PHP dev tool enabled
cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)
CodeIgniter development mode enabled
ColdFusion path disclosures
ColdFusion Request Debugging information disclosure
ColdFusion Robust Exception enabled
Composer installed.json publicly accessible
Configuration file disclosure
Configuration file source code disclosure
Consul API publicly exposed
Contact Form 7 Database Information Disclosure (1.3)
Contact Form Email Information Disclosure (1.2.66)
Core dump checker PHP script
Core dump file
Correos Woocommerce Arbitrary File Download ( CVE-2023-0331
Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) CVE-2012-0896
Count per Day Information Disclosure (3.2.5)
CP Image Store with Slideshow Arbitrary File Download (1.0.5)
Crayon Syntax Highlighter Local File Disclosure (2.6.10)
Credit card number disclosed
Credova_Financial Information Disclosure (1.4.8) CVE-2021-39342
Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure (1.8.6) CVE-2022-0345
CVS Detected
Delve Debugger Unauthorized Access Vulnerability
Development configuration files
Devise weak password
Direct Download for Woocommerce Arbitrary File Download (1.15)
Directory listings
Django Debug Mode Enabled
Django Debug Toolbar
Documentation files
Doneren met Mollie Information Disclosure (2.8.4)
Dotenv .env file
Download Monitor Information Disclosure (1.6.3)
Download Shortcode Arbitrary File Disclosure (0.1)
Download Zip Attachments Arbitrary File Download (1.0.0) CVE-2015-4704
Dragonfly Arbitrary File Read/Write (CVE-2021-33564) CVE-2021-33564
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554
Drupal Backup Migrate directory publicly accessible
Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374
Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983
Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922
Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) CVE-2020-13670
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) CVE-2020-13670
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) CVE-2020-13670
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) CVE-2020-13670
Drupal Views module information disclosure vulnerability
Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)
Duplicator-WordPress Migration Arbitrary File Download (1.3.26) CVE-2020-11738
DZS Video Gallery Information Disclosure (3.1.3)
Easy Author Image Information Disclosure (1.5)
Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)
Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6)
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357 CVE-2012-5358
Elasticsearch service accessible
Elmah.axd / Errorlog.axd Detected
Email Log Information Disclosure (1.9)
Email newsletter 'option' Parameter Information Disclosure (8.0)
Email Subscribers & Newsletters Information Disclosure (3.4.7) CVE-2018-6015
Envoy Metadata disclosure
Error messages
Error page path disclosure
Error page web server version disclosure
Eshop Magic Arbitrary File Disclosure (0.1)
Express running in development mode
F5 BIG-IP Cookie Information Disclosure
Fast Velocity Minify Information Disclosure (2.7.6) CVE-2019-19983
File Content Disclosure in Action View CVE-2019-5418
Filedownload 'download.php' Local File Disclosure (0.1)
File Manager Information Disclosure (6.4) CVE-2020-24312
Find My Blocks Information Disclosure (3.3.2) CVE-2021-24677
FireStats Arbitrary File Download (1.6.5)
Font Awesome Information Disclosure (4.0.0-rc16)
Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07)
Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) CVE-2012-4920
Frontpage authors.pwd available
FrontPage Identified
Full public read access Azure blob storage
Fusion Engage Local File Disclosure (1.0.5)
Gallery-Flagallery Photo Portfolio Information Disclosure (4.24) CVE-2014-8491
Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59)
Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)
Generic Email Address Disclosure
Ghost Arbitrary File Download (0.5.5)
GIT Detected
Gitlab user disclosure
GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2) CVE-2022-2117
GlassFish admin console weak credentials
Global.asa backup file found
Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
GlotPress Information Disclosure (2.2.1)
Gmail SMTP Arbitrary File Disclosure (1.1.0) CVE-2017-5223
GoCD information disclosure (CVE-2021-43287) CVE-2021-43287
Golang runtime profiling data
Google Doc Embedder Arbitrary File Disclosure (2.4.6) CVE-2012-4915
Google Drive for WordPress Information Disclosure (2.2)
Go web application binary disclosure
Grails database console
GraphiQL Explorer/Playground Enabled
GraphQL Field Suggestions Enabled
GraphQL Introspection Query Enabled
GraphQL Unhandled Error Leakage
Gravity Forms Information Disclosure (2.4.8) CVE-2020-13764
Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (
HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)
Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)
Helpful Information Disclosure (4.5.25) CVE-2022-2834
History Collection Arbitrary File Download (1.1.1)
HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) CVE-2014-9177
HTML Form found in redirect page
IBM Web Content Manager XPath injection CVE-2013-6735
IBM WebSphere/WebLogic application source file exposure
IBM WebSphere administration console weak password
IBS Mappro Arbitrary File Download (0.6) CVE-2015-5472
IIS Path disclosure
Image Export Arbitrary File Download (1.1.0) CVE-2015-5609
Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)
Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)
InfluxDB Unauthorized Access Vulnerability
Information Disclosure (Microsoft Office)
Insecure transition from HTTPS to HTTP in form post
Insecure transition from HTTP to HTTPS in form post
Internet Information Server returns IP address in HTTP header (Content-Location)
IP Blacklist Cloud Arbitrary File Disclosure (3.42)
iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
Javascript Source map detected
JBoss BSHDeployer MBean
JBoss HttpAdaptor JMXInvokerServlet
JBoss JMX Console Unrestricted Access
JBoss JMX management console
JBoss Seam remoting vulnerabilities CVE-2013-6447 CVE-2013-6448
JBoss ServerInfo MBean CVE-2010-0738
JBoss Server MBean
JBoss status servlet information leak CVE-2010-1429
JBoss Web Console JMX Invoker
JBoss web service console
Jenkins dashboard
Jenkins open people list
Jenkins user enumeration
Jenkins weak password
JetBrains .idea project directory
JetLeak vulnerability CVE-2015-2080
Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1) CVE-2021-24374
Jetty ConcatServlet Information Disclosure (CVE-2021-28169) CVE-2021-28169
Jetty Information Disclosure (CVE-2021-34429) CVE-2021-34429
Jigoshop Information Disclosure (1.17.9)
Jira Unauthorized User Enumeration (CVE-2020-14181) CVE-2020-14181
Jira Unauthorized User Enumeration via UserPickerBrowser
JM Twitter Cards Information Disclosure (6.1)
Joe Editor DEADJOE file
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821
Joomla! Core 1.7.0 Information Disclosure (1.7.0)
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836
Joomla! Core 2.5.0 Information Disclosure (2.5.0) CVE-2012-0835
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) CVE-2017-14595
Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22) CVE-2020-35614
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) CVE-2018-11325
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) CVE-2020-15698
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) CVE-2018-11327
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) CVE-2017-8057
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) CVE-2019-18674
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) CVE-2017-16633
Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) CVE-2019-19845
Joomla! Core 4.2.0 Information Disclosure (4.2.0) CVE-2022-27911
Joomla! Core improper access check in webservice endpoints CVE-2023-23752
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) CVE-2017-14596
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) CVE-2017-14596
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) CVE-2020-35611
Joomla Debug Console enabled
Joomla J!Dump extension enabled
JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040
JVM version leakage
Laravel log file publicly accessible
Laravel LogViewer open
Laravel Telescope open
Laravel Terminal open
Log Emails Information Disclosure (1.0.6)
MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)
MAC PHOTO GALLERY Arbitrary File Download (3.0)
Macromedia Dreamweaver remote database scripts CVE-2004-1893
Magento Cacheleak
Magento Config File Disclosure
Mailing List 'dl.php' Arbitrary File Download (1.4.1)
MantisBT multiple security issues CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042
MapSVG Lite Arbitrary File Disclosure (
Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)
Media Library Assistant Information Disclosure (3.00) CVE-2022-41618
MediaWiki multiple remote vulnerabilities CVE-2012-4377 CVE-2012-4378
Membership Simplified Arbitrary File Download (1.58) CVE-2017-1002008
Memphis Documents Library Arbitrary File Download (3.1.5)
Mercurial repository found
MetaSlider Information Disclosure (3.3.1)
Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3) CVE-2022-1442
Microsoft Access Database File Detected
Microsoft Frontpage configuration information
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815
Microsoft IIS Server service.cnf file found
Microsoft IIS tilde directory enumeration
Minify arbitrary file disclosure CVE-2013-6619
MinIO Information Disclosure (CVE-2023-28432) CVE-2023-28432
MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)
MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)
MongoDB HTTP status interface
MP3-jPlayer Information Disclosure (2.3.2) CVE-2015-1000008
MP3-jPlayer Local File Disclosure (2.3)
Multiple vulnerabilities in Ioncube loader-wizard.php
Multi Plugin Installer Arbitrary File Disclosure (1.1.0)
MySQL connection credentials
MySQL username disclosure
NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) CVE-2013-0291
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180
nginx range filter integer overflow CVE-2017-7529
Node.js Running in Development Mode
NodeBB Arbitrary JSON File Read (CVE-2021-43788) CVE-2021-43788
npm log file publicly accessible (npm-debug.log)
Nuxt.js Running in Development Mode
OData feed accessible anonymously
Oracle applications logs publicy available
Oracle E-Business Suite Information Disclosure
Oracle E-Business Suite iStore open user registration
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827
Oracle Reports Services RWServlet environment variables disclosure
Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512
Padding oracle attack
Page and Post Clone Information Disclosure (1.1)
Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752
Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)
Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Information Disclosure (2.5.2)
Password found in server response
Payara Micro File Read (CVE-2021-41381) CVE-2021-41381
PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)
PHP-FPM Status Page
PHP Console addon enabled
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP Debug Bar enabled
PHP display_errors Is Enabled
Phpfastcache phpinfo publicly accessible (CVE-2021-37704) CVE-2021-37704
phpinfo() Output Detected
PHPinfo pages
PHP opcache-gui publicly accessible
PHP opcache-status page publicly accessible
PHP Safedir restriction bypass vulnerabilities
PHP upload arbitrary file disclosure vulnerability CVE-2000-0860
PHP X Prober publicly accessible
PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)
Pike Firewall Information Disclosure (1.4)
Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) CVE-2012-3588
Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11) CVE-2019-17574
Possible database backup
Possible sensitive directories
Possible sensitive files
Possible SQL Statement in comment
Possible username or password disclosure
Possible virtual host found
Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)
Profile Builder-User Profile & User Registration Forms Information Disclosure (3.9.0) CVE-2023-0814
Programming Error Messages
Pyramid DebugToolbar enabled
qdPM Information Disclosure
Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
rack-mini-profiler environment variables disclosure
Rails controller possible sensitive information disclosure
RB Agency Local File Disclosure (2.4.7)
Reachable SharePoint interface
Recent Backups Arbitrary File Download (0.7) CVE-2015-1000006
RoR Database Configuration File Detected
RSA Private Key Detected
Ruby on Rails Running in Development Mode
S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) CVE-2015-9464
Salon booking system Multiple Information Disclosure Vulnerabilities (7.6.2) CVE-2022-0919 CVE-2022-0920
SAP ICF /sap/public/info sensitive information disclosure
SAP Management Console get user list
SAP Management Console list logfiles
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
SAP NetWeaver server info information disclosure
SAP NetWeaver server info information disclosure BCB
SAP weak/predictable user credentials
Save Contact Form 7 Information Disclosure (2.0)
Sell Downloads Arbitrary File Disclosure (1.0.1) CVE-2014-9511
Sell Downloads Arbitrary File Disclosure (1.0.17)
Sensitive Data Exposure
Sensitive pages could be cached
Server-based source code disclosures
Service Finder-Provider and Business Listing Local File Disclosure (3.0)
Session ID in URL
Share Drafts Publicly Information Disclosure (1.1.4)
SharePoint exposed web services
SharePoint user enumeration
ShareYourCart Information Disclosure (1.6.1) CVE-2012-4332
Shopping Cart & eCommerce Store Information Disclosure (2.0.5) CVE-2014-4942
Simple Backup Arbitrary File Download (2.7.10)
Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)
Simple File Downloader Cross-Site Scripting (1.0.4) CVE-2022-4764
Simple File List Arbitrary File Download (3.2.7) CVE-2022-1119
Simple Gmail Login Stack Trace Information Disclosure (1.1.3) CVE-2012-6313
Simple History Information Disclosure (1.0.7)
Simple History Information Disclosure (2.7.4)
Simple Image Manipulator Arbitrary File Download (1.0) CVE-2015-1000010
Simply Static Arbitrary File Download (1.6.2)
SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)
Slack-Chat Information Disclosure (1.5.5) CVE-2019-14367
Slideshow Information Disclosure (2.2.21) CVE-2015-3634
Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)
SL User Create Information Disclosure (0.2.4)
Snoop Servlet information disclosure
Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
Social Network Tabs Information Disclosure (1.7.1) CVE-2018-20555
Social Security Number Disclosure
Source code disclosures
Spring Boot Actuator
Spring Boot Actuator v2
SQLite Database File Found
SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)
SSL Insecure Content Fixer Information Disclosure (2.0.0)
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (CakePHP)
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (GWT)
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (NodeJS)
Stack Trace Disclosure (Python)
Stack Trace Disclosure (RoR)
Stack Trace Disclosure (Ruby-Sinatra Framework)
Stack Trace Disclosure (Tomcat)
Stop User Enumeration Cross-Site Scripting (1.3.7)
Stop User Enumeration Security Bypass (1.3.18)
Stop User Enumeration User Enumeration (1.2.4)
Stop User Enumeration User Enumeration (1.3.4)
Stop User Enumeration User Enumeration (1.3.8)
Struts 2 Config Browser plugin enabled
Struts2 Development Mode Enabled
Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)
Super Refer A Friend Information Disclosure (1.0)
SVN Detected
Swim Team Arbitrary File Download (1.44.1077) CVE-2015-5471
Symfony databases.yml configuration file
Symfony debug mode enabled
Symfony debug mode enabled (AcuSensor)
Symfony Profiler open
Symfony running in dev mode
Symfony web debug toolbar
Test CGI script leaking environment variables
The Heartbleed Bug CVE-2014-0160
Theme Editor Arbitrary File Download (2.5) CVE-2021-24154
Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)
Tiki Wiki CMS: Arbitrary Code Execution
Tiki Wiki CMS: Arbitrary File Download
Tiki Wiki CMS: Remote Code Execution via Calendar Module
Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19) CVE-2021-24585
Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
Tomcat status page
Tornado debug mode
Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)
Trace.axd Detected
TRACE/TRACK Method Detected
Tracy debugging tool enabled
TRADIES Information Disclosure (2.2.6)
Typo3 debug mode enabled
Typo3 sensitive files
Ubiquiti Unifi Log4Shell RCE CVE-2021-44228
U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)
Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Information Disclosure (1.2.5)
Unencrypted __VIEWSTATE parameter
UnGallery Local File Disclosure (1.5.8)
Unprotected JSON file leaking secrets
Unprotected phpMyAdmin interface
Unrestricted access to a monitoring system
Unrestricted access to Caddy API interface
Unrestricted access to NGINX+ API interface (read only)
Unrestricted access to NGINX+ API interface (read write)
Unrestricted access to NGINX+ Dashboard
Unrestricted access to NGINX+ Status module
Unrestricted access to NGINX+ Upstream HTTP interface
Unrestricted access to Prometheus
Unrestricted access to Prometheus Metrics
Unyson Information Disclosure (2.7.18)
UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (
User Meta Manager Information Disclosure (3.4.7)
User Profile Picture Information Disclosure (2.4.0) CVE-2021-24170
vBulletin customer number disclosure CVE-2013-6129
Version Disclosure (ASP.NET)
Version Disclosure (ASP.NET MVC)
Version Disclosure (IIS)
Version Disclosure (PHP)
Video Conferencing with Zoom Information Disclosure (3.8.16) CVE-2022-0384
Video Embed & Thumbnail Generator Information Disclosure (1.1) CVE-2012-1786
Virtual host directory listing
Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) CVE-2012-6651
VMware Horizon Log4Shell RCE CVE-2021-44228
VMware vCenter Log4Shell RCE CVE-2021-44228
VMware vCenter vcavbootstrap Arbitrary File Read
W3 Total Cache Arbitrary File Disclosure (0.9.3) CVE-2019-6715
W3 total cache debug mode
W3 Total Cache Information Disclosure (
Weak password
web.xml configuration file disclosure
webadmin.php script
Webalizer script
Web application default/weak credentials
WebDAV directory listing
WebLogic admin console weak credentials
Webmail weak password
WebPageTest Unauthorized Access Vulnerability
WebP Express Arbitrary File Disclosure (0.14.10) CVE-2019-15330
Welcart e-Commerce Information Disclosure (2.2.7)
Wholesale Market Arbitrary File Download (2.2.0) CVE-2022-4298
Wholesale Market for WooCommerce Arbitrary File Download (1.0.6) CVE-2022-4106
Wholesale Market for WooCommerce Arbitrary File Download (1.0.7) CVE-2022-4108
Whoops error handler component detected
WooCommerce Arbitrary File Download (3.4.5)
WooCommerce Email Test Information Disclosure (1.5)
WooCommerce Information Disclosure (4.5.2) CVE-2020-29156
WordPress Backup to Dropbox Information Disclosure (4.7.1)
WordPress database credentials disclosure
WordPress debug mode
WordPress full path disclosure
WordPress Mobile Pack Information Disclosure (2.0.1) CVE-2014-5337
WordPress Mobile Pack Information Disclosure (2.1.2) CVE-2015-9269
WordPress pingback scanner CVE-2013-0235
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540
WordPress readme.html file
WordPress renaming tool by Vlajo Arbitrary File Download (1.0) CVE-2015-4703
WordPress REST API User Enumeration
WordPress Social Stream Information Disclosure (1.6)
WordPress username enumeration
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079
WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)
wp-FileManager Arbitrary File Disclosure (1.3.0)
Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)
WP-Live Chat by 3CX Information Disclosure (8.0.28)
WP-Mon Arbitrary File Disclosure (0.5.1)
WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (
WP-RecentComments Information Disclosure (2.2.7) CVE-2023-23886
WP Activity Log Information Disclosure (3.1.1) CVE-2018-8719
WP Attachment Export Arbitrary File Download (0.2.3)
WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)
WP Custom Pages 'url' Parameter Local File Disclosure ( CVE-2011-1669
WP e-Commerce Shop Styling Arbitrary File Download (2.5) CVE-2015-5468
WP Easy full backup Information Disclosure (1.4)
WPEngine _wpeprivate/config.json information disclosure
WP Hide & Security Enhancer Arbitrary File Download (
WP Import Export Information Disclosure (3.9.15) CVE-2022-0236
WP Import Export Lite Information Disclosure (3.9.15) CVE-2022-0236
WP Intercom-Slack for WordPress Information Disclosure (1.2.1) CVE-2019-14365
WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0) CVE-2014-9013 CVE-2014-9014
WP Mobile Edition Arbitrary File Disclosure (2.2.7)
WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)
WP PHP widget Information Disclosure (1.0.2) CVE-2013-0721
WP REST API (WP API) Information Disclosure (1.2)
WP SlackSync Information Disclosure (1.8.5) CVE-2019-14366
wp superb Slideshow Information Disclosure (2.4)
wptf-image-gallery Arbitrary File Download (1.0.3) CVE-2015-1000007
X-Forwarded-For HTTP header security bypass
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML External Entity Injection via external file
XML external entity injection via File Upload
YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2) CVE-2022-2369
Yii2 debug toolkit
Yii debug mode enabled
Yoast SEO Information Disclosure (3.2.4)
Zabbix Guest Access
Zend framework configuration file information disclosure
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161
Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694
[Possible] AWStats Detected
[Possible] Backup Folder
[Possible] Backup Source Code Detected
[Possible] Database Connection String Detected
[Possible] Internal IP Address Disclosure
[Possible] Internal Path Disclosure (*nix)
[Possible] Internal Path Disclosure (Windows)
[Possible] Password Transmitted over Query String
[Possible] Sublime SFTP Config File Detected
[Possible] WS_FTP Log File Detected