Vulnerability Name CVE Severity
.htaccess file readable
Access database found
Adminer 4.6.2 file disclosure vulnerability
Adobe ColdFusion directory traversal CVE-2013-3336
Amazon S3 public bucket
Amazon S3 publicly writable bucket
Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789
Apache Axis2 administration console weak password
Apache Axis2 information disclosure
Apache Axis2 web services enumeration
Apache balancer-manager application publicly accessible
Apache httpOnly cookie disclosure CVE-2012-0053
Apache mod_negotiation filename bruteforcing
Apache perl-status enabled
Apache server-info enabled
Apache server-status enabled
Apache Solr endpoint
Apache solr service exposed
Apache stronghold-info enabled
Apache stronghold-status enabled
Apache Tomcat examples directory vulnerabilities
Apache Tomcat Information Disclosure CVE-2017-7674 CVE-2017-12616
Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461
Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355
Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022
Apache Tomcat version older than 7.0.21 CVE-2011-3190
apc.php page found
Application error messages
Arbitrary file existence disclosure in Action Pack CVE-2014-7829
ASP.NET application trace enabled
ASP.NET custom errors disabled
ASP.NET debugging enabled
ASP.NET diagnostic page
ASP.NET error message
ASP.NET MVC version disclosure
ASP.NET path disclosure
ASP.NET version disclosure
Atlassian Confluence Access Restriction Bypass CVE-2017-9505
Atlassian Confluence information disclosure CVE-2017-7415
Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283
Atlassian Jira Manage Filters information disclosure
AWStats script
Backup files
Bazaar repository found
Chrome Logger information disclosure
ColdFusion path disclosures
ColdFusion Request Debugging information disclosure
ColdFusion Robust Exception enabled
Configuration file disclosure
Configuration file source code disclosure
Core dump checker PHP script
Core dump file
Credit card number disclosed
CVS web repository
Database connection string disclosure
Development configuration files
Devise weak password
Directory listings
Django debug mode enabled
Documentation files
Dotenv .env file
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554
Drupal Backup Migrate directory publicly accessible
Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374
Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983
Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922
Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) CVE-2020-13670
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) CVE-2020-13670
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) CVE-2020-13670
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) CVE-2020-13670
Drupal Views module information disclosure vulnerability
Elasticsearch service accessible
elmah.axd information disclosure
Email addresses
Error messages
Error page path disclosure
Error page web server version disclosure
File Content Disclosure in Action View CVE-2019-5418
Folder backup
Frontpage authors.pwd available
Frontpage extensions enabled
Full public read access Azure blob storage
Git repository found
GlassFish admin console weak credentials
Global.asa backup file found
Golang runtime profiling data
HTML Form found in redirect page
IBM Web Content Manager XPath injection CVE-2013-6735
IBM WebSphere/WebLogic application source file exposure
IBM WebSphere administration console weak password
Insecure transition from HTTPS to HTTP in form post
Insecure transition from HTTP to HTTPS in form post
Internal IP address disclosure
Internet Information Server returns IP address in HTTP header (Content-Location)
JBoss BSHDeployer MBean
JBoss HttpAdaptor JMXInvokerServlet
JBoss JMX Console Unrestricted Access
JBoss JMX management console
JBoss Seam remoting vulnerabilities CVE-2013-6447 CVE-2013-6448
JBoss ServerInfo MBean CVE-2010-0738
JBoss Server MBean
JBoss status servlet information leak CVE-2010-1429
JBoss Web Console JMX Invoker
JBoss web service console
Jenkins dashboard
Jenkins user enumeration
Jenkins weak password
JetBrains .idea project directory
JetLeak vulnerability CVE-2015-2080
Joe Editor DEADJOE file
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0819
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0)
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-3629
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0821
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0837
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0835
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0837
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0835
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1453
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1454
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) CVE-2017-14595
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) CVE-2018-11325
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) CVE-2020-15698
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) CVE-2018-11327
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) CVE-2017-8057
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) CVE-2019-18674
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) CVE-2017-16633
Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) CVE-2019-19845
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) CVE-2017-14596
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) CVE-2017-14596
JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040
JVM version leakage
Laravel log file publicly accessible
Macromedia Dreamweaver remote database scripts CVE-2004-1893
Magento Cacheleak
MantisBT multiple security issues CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042
Mercurial repository found
Microsoft Frontpage configuration information
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815
Microsoft IIS Server service.cnf file found
Microsoft IIS tilde directory enumeration
Microsoft IIS version disclosure
Microsoft Office possible sensitive information
Minify arbitrary file disclosure CVE-2013-6619
MongoDB HTTP status interface
Multiple vulnerabilities in Ioncube loader-wizard.php
MySQL connection credentials
MySQL username disclosure
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180
nginx range filter integer overflow CVE-2017-7529
npm log file publicly accessible (npm-debug.log)
Oracle applications logs publicy available
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827
Oracle Reports Services RWServlet environment variables disclosure
Padding oracle attack
Password field submitted using GET method
Password type input with auto-complete enabled
PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)
PHP-FPM Status Page
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP errors enabled
PHPinfo page
PHPinfo pages
PHP opcache-status page publicly accessible
Possible database backup
Possible remote SWF inclusion CVE-2007-6244 CVE-2007-6637
Possible sensitive directories
Possible sensitive files
Possible server path disclosure (Unix)
Possible server path disclosure (Windows)
Possible social security number disclosed
Possible SQL Statement in comment
Possible username or password disclosure
Possible virtual host found
rack-mini-profiler environment variables disclosure
Rails controller possible sensitive information disclosure
Reachable SharePoint interface
RSA private key
Ruby on Rails database configuration file
SAP ICF /sap/public/info sensitive information disclosure
SAP Management Console get user list
SAP Management Console list logfiles
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
SAP NetWeaver server info information disclosure
SAP NetWeaver server info information disclosure BCB
SAP weak/predictable user credentials
Secrets leakage
Sensitive pages could be cached
Server-based source code disclosures
Session token in URL
SFTP/FTP credentials exposure
SharePoint exposed web services
SharePoint user enumeration
Snoop Servlet information disclosure
Source code disclosures
SQLite database found
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (CakePHP)
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (GWT)
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (Python)
Stack Trace Disclosure (Rails)
Stack Trace Disclosure (Ruby)
Stack Trace Disclosure (Tomcat)
SVN repository found
Symfony databases.yml configuration file
Symfony web debug toolbar
The Heartbleed Bug CVE-2014-0160
Tiki Wiki CMS: Arbitrary Code Execution
Tiki Wiki CMS: Arbitrary File Download
Tiki Wiki CMS: Remote Code Execution via Calendar Module
Tomcat status page
Unencrypted __VIEWSTATE parameter
Unprotected phpMyAdmin interface
Unrestricted access to NGINX+ API interface (read only)
Unrestricted access to NGINX+ API interface (read write)
Unrestricted access to NGINX+ Dashboard
Unrestricted access to NGINX+ Status module
Unrestricted access to NGINX+ Upstream HTTP interface
vBulletin customer number disclosure CVE-2013-6129
Virtual host directory listing
W3 total cache debug mode
Weak password
web.xml configuration file disclosure
webadmin.php script
Webalizer script
Web application default/weak credentials
WebDAV directory listing
WebLogic admin console weak credentials
Webmail weak password
Web server default welcome page
WordPress database credentials disclosure
WordPress debug mode
WordPress full path disclosure
WordPress pingback scanner CVE-2013-0235
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540
WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8)
WordPress Plugin ACF to REST API Information Disclosure (3.2.0) CVE-2020-13700
WordPress Plugin Activity Log Information Disclosure (2.2.12)
WordPress Plugin Acumbamail Information Disclosure (1.0.4)
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)
WordPress Plugin Advanced Woo Search Information Disclosure (1.99) CVE-2020-12070
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)
WordPress Plugin AlertWire Information Disclosure (1.1.1)
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)
WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1) CVE-2015-0902
WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)
WordPress Plugin BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743 CVE-2013-2744
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2)
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
WordPress Plugin BuddyPress Information Disclosure (5.1.1) CVE-2020-5244
WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1)
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) CVE-2015-1000005
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) CVE-2014-9461
WordPress Plugin Cherry Services List Information Disclosure (1.4.1)
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)
WordPress Plugin Contact Form Email Information Disclosure (1.2.66)
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) CVE-2012-0896
WordPress Plugin Count per Day Information Disclosure (3.2.5)
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)
WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)
WordPress Plugin Download Monitor Information Disclosure (1.6.3)
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) CVE-2015-4704
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26) CVE-2020-11738
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)
WordPress Plugin Easy Author Image Information Disclosure (1.5)
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)
WordPress Plugin Easy Digital Downloads Information Disclosure (2.7.6)
WordPress Plugin eCommerce Shopping Cart by WP EasyCart Information Disclosure (2.0.5) CVE-2014-4942
WordPress Plugin Email Log Information Disclosure (1.9)
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)
WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7) CVE-2018-6015
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6) CVE-2019-19983
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)
WordPress Plugin File Manager Information Disclosure (6.4) CVE-2020-24312
WordPress Plugin FireStats Arbitrary File Download (1.6.5)
WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)
WordPress Plugin Formidable Forms Builder for WordPress-Contact Forms, Surveys & Quiz Forms Information Disclosure (2.0.07)
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) CVE-2012-4920
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24) CVE-2014-8491
WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59)
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)
WordPress Plugin Ghost Arbitrary File Download (0.5.5)
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
WordPress Plugin GlotPress Information Disclosure (2.2.1)
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0) CVE-2017-5223
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) CVE-2012-4915
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)
WordPress Plugin Gravity Forms Information Disclosure (2.4.8) CVE-2020-13764
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (2.0.9.4)
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)
WordPress Plugin History Collection Arbitrary File Download (1.1.1)
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) CVE-2014-9177
WordPress Plugin IBS Mappro Arbitrary File Download (0.6) CVE-2015-5472
WordPress Plugin Image Export Arbitrary File Download (1.1.0) CVE-2015-5609
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
WordPress Plugin Jigoshop Information Disclosure (1.17.9)
WordPress Plugin JM Twitter Cards Information Disclosure (6.1)
WordPress Plugin Log Emails Information Disclosure (1.0.6)
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)
WordPress Plugin Membership Simplified Arbitrary File Download (1.58) CVE-2017-1002008
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)
WordPress Plugin MetaSlider Information Disclosure (3.3.1)
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2) CVE-2015-1000008
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) CVE-2013-0291
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512
WordPress Plugin Page and Post Clone Information Disclosure (1.1)
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752
WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9)
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)
WordPress Plugin Pike Firewall Information Disclosure (1.4)
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) CVE-2012-3588
WordPress Plugin Popup Maker-Popup Forms, Optins & More Information Disclosure (1.8.11) CVE-2019-17574
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
WordPress Plugin RB Agency Local File Disclosure (2.4.7)
WordPress Plugin Recent Backups Arbitrary File Download (0.7) CVE-2015-1000006
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) CVE-2015-9464
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1) CVE-2014-9511
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)
WordPress Plugin ShareYourCart Information Disclosure (1.6.1) CVE-2012-4332
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) CVE-2012-6313
WordPress Plugin Simple History Information Disclosure (1.0.7)
WordPress Plugin Simple History Information Disclosure (2.7.4)
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0) CVE-2015-1000010
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)
WordPress Plugin Slack-Chat Information Disclosure (1.5.5) CVE-2019-14367
WordPress Plugin Slideshow Information Disclosure (2.2.21) CVE-2015-3634
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)
WordPress Plugin SL User Create Information Disclosure (0.2.4)
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1) CVE-2018-20555
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077) CVE-2015-5471
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)
WordPress Plugin TRADIES Information Disclosure (2.2.6)
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)
WordPress Plugin Ultimate CSV Importer Arbitrary File Disclosure (3.7)
WordPress Plugin Ultimate CSV Importer Information Disclosure (3.6.74)
WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5)
WordPress Plugin UnGallery Local File Disclosure (1.5.8)
WordPress Plugin Unyson Information Disclosure (2.7.18)
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1) CVE-2012-1786
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) CVE-2012-6651
WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3) CVE-2019-6715
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10) CVE-2019-15330
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)
WordPress Plugin WooCommerce Information Disclosure (4.5.2) CVE-2020-29156
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1) CVE-2014-5337
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) CVE-2015-9269
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0) CVE-2015-4703
WordPress Plugin WordPress Social Stream Information Disclosure (1.6)
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)
WordPress Plugin WP Activity Log Information Disclosure (3.1.1) CVE-2018-8719
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)
WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1) CVE-2011-1669
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5) CVE-2015-5468
WordPress Plugin WP Easy full backup Information Disclosure (1.4)
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)
WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1) CVE-2019-14365
WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0) CVE-2014-9013 CVE-2014-9014
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)
WordPress Plugin WP PHP widget Information Disclosure (1.0.2) CVE-2013-0721
WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)
WordPress Plugin WP SlackSync Information Disclosure (1.8.5) CVE-2019-14366
WordPress Plugin wp superb Slideshow Information Disclosure (2.4)
WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3) CVE-2015-1000007
WordPress Plugin Yoast SEO Information Disclosure (3.2.4)
WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694
WordPress REST API User Enumeration
WordPress username enumeration
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079
WPEngine _wpeprivate/config.json information disclosure
WS_FTP log file found
X-Forwarded-For HTTP header security bypass
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML external entity injection via external file
XML external entity injection via File Upload
Yii2 debug toolkit
Zend framework configuration file information disclosure
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161