Vulnerability Name CVE Severity
.htaccess File Detected
Adminer 4.6.2 file disclosure vulnerability
Adobe ColdFusion directory traversal CVE-2013-3336
Amazon S3 public bucket
Amazon S3 publicly writable bucket
Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789
Apache Axis2 administration console weak password
Apache Axis2 information disclosure
Apache Axis2 web services enumeration
Apache Axis2 xsd local file inclusion
Apache balancer-manager application publicly accessible
Apache httpOnly cookie disclosure CVE-2012-0053
Apache mod_negotiation filename bruteforcing
Apache OFBiz Log4Shell RCE CVE-2021-44228
Apache perl-status enabled
Apache Server-Info Detected
Apache Server-Status Detected
Apache Solr endpoint
Apache Solr Log4Shell RCE CVE-2021-44228
Apache solr service exposed
Apache stronghold-info enabled
Apache stronghold-status enabled
Apache Tomcat examples directory vulnerabilities
Apache Tomcat Information Disclosure CVE-2017-7674 CVE-2017-12616
Apache Tomcat sample files
Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461
Apache Tomcat version older than 5.5.26 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286
Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355
Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022
Apache Tomcat version older than 7.0.21 CVE-2011-3190
apc.php page found
API Sensitive Info(PII) accessible without authentication
Arbitrary file existence disclosure in Action Pack CVE-2014-7829
Arbitrary File Read on Nuxt.js Development Server
Arbitrary local file read via file upload
Argo CD Information Disclosure (CVE-2024-37152) CVE-2024-37152
ASP.NET application-level tracing enabled
ASP.NET connection strings stored in plaintext
ASP.NET Core Development Mode enabled
ASP.NET CustomErrors Is Disabled
ASP.NET debugging enabled
ASP.NET diagnostic page
ASP.NET error message
ASP.NET path disclosure
ASP.NET viewstate encryption disabled
ASP.NET WCF service include exception details
Atlassian Confluence Access Restriction Bypass CVE-2017-9505
Atlassian Confluence information disclosure CVE-2017-7415
Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283
Atlassian Jira Manage Filters information disclosure
Bazaar repository found
Bitrix server test script publicly accessible
Chrome Logger information disclosure
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) CVE-2020-8193
Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966) CVE-2023-4966
Clockwork PHP dev tool enabled
Cloud metadata publicly exposed
CodeIgniter development mode enabled
ColdFusion path disclosures
ColdFusion Request Debugging information disclosure
ColdFusion Robust Exception enabled
Composer installed.json publicly accessible
Configuration file disclosure
Configuration file source code disclosure
Consul API publicly exposed
Core dump checker PHP script
Core dump file
Craft CMS Development Mode enabled
CVS Detected
Delve Debugger Unauthorized Access Vulnerability
Development configuration files
Devise weak password
Directory listings
Django Debug Mode Enabled
Django Debug Toolbar
Documentation files
Dolibarr Information Disclosure (CVE-2023-33568) CVE-2023-33568
Dotenv .env file
Dragonfly Arbitrary File Read/Write (CVE-2021-33564) CVE-2021-33564
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554
Drupal Backup Migrate directory publicly accessible
Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374
Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983
Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922
Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) CVE-2020-13670
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) CVE-2020-13670
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) CVE-2020-13670
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) CVE-2020-13670
Drupal Views module information disclosure vulnerability
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357 CVE-2012-5358
Elasticsearch service accessible
Elmah.axd / Errorlog.axd Detected
Envoy Metadata disclosure
Error messages
Error page path disclosure
Error page web server version disclosure
Express Development Mode enabled
F5 BIG-IP Cookie Information Disclosure
File Content Disclosure in Action View CVE-2019-5418
Frontpage authors.pwd available
FrontPage Identified
Full public read access Azure blob storage
Generic Email Address Disclosure
GIT Detected exposed
Gitlab user disclosure
GlassFish admin console weak credentials
Global.asa backup file found
GoCD information disclosure (CVE-2021-43287) CVE-2021-43287
Golang runtime profiling data
Go web application binary disclosure
Grails database console
GraphiQL Explorer/Playground Enabled
GraphQL Field Suggestions Enabled
GraphQL Introspection Query Enabled
GraphQL Unhandled Error Leakage
Harbor Unauthorized Access Vulnerability CVE-2022-46463
HTML Form found in redirect page
IBM Web Content Manager XPath injection CVE-2013-6735
IBM WebSphere/WebLogic application source file exposure
IBM WebSphere administration console weak password
IIS Path disclosure
InfluxDB Unauthorized Access Vulnerability
Insecure transition from HTTPS to HTTP in form post
Insecure transition from HTTP to HTTPS in form post
Internet Information Server returns IP address in HTTP header (Content-Location)
Javascript Source map detected
JBoss BSHDeployer MBean
JBoss HttpAdaptor JMXInvokerServlet
JBoss JMX Console Unrestricted Access
JBoss JMX management console
JBoss Seam remoting vulnerabilities CVE-2013-6447 CVE-2013-6448
JBoss ServerInfo MBean CVE-2010-0738
JBoss Server MBean
JBoss status servlet information leak CVE-2010-1429
JBoss Web Console JMX Invoker
JBoss web service console
Jenkins dashboard
Jenkins open people list
Jenkins user enumeration
Jenkins weak password
JetBrains .idea project directory
JetLeak vulnerability CVE-2015-2080
Jetty ConcatServlet Information Disclosure (CVE-2021-28169) CVE-2021-28169
Jetty Information Disclosure (CVE-2021-34429) CVE-2021-34429 CVE-2021-28164
Jira QueryComponent Information Disclosure (CVE-2020-14179) CVE-2020-14179
Jira Unauthorized User Enumeration (CVE-2020-14181) CVE-2020-14181
Jira Unauthorized User Enumeration via UserPickerBrowser
Joe Editor DEADJOE file
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821
Joomla! Core 1.7.0 Information Disclosure (1.7.0)
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836
Joomla! Core 2.5.0 Information Disclosure (2.5.0) CVE-2012-0835
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) CVE-2017-14595
Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22) CVE-2020-35614
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) CVE-2018-11325
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) CVE-2020-15698
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) CVE-2018-11327
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) CVE-2017-8057
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) CVE-2019-18674
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) CVE-2017-16633
Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) CVE-2019-19845
Joomla! Core 4.2.0 Information Disclosure (4.2.0) CVE-2022-27911
Joomla! Core improper access check in webservice endpoints CVE-2023-23752
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) CVE-2017-14596
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) CVE-2017-14596
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) CVE-2020-35611
Joomla Debug Console enabled
Joomla J!Dump extension enabled
JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040
JVM version leakage
KeyCloak Information Disclosure (CVE-2020-27838) CVE-2020-27838
Laravel log file publicly accessible
Laravel LogViewer open
Laravel Telescope open
Laravel Terminal open
Lucee Stacktrace Information Disclosure
Macromedia Dreamweaver remote database scripts CVE-2004-1893
Magento Cacheleak
Magento Config File Disclosure
MantisBT multiple security issues CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042
MediaWiki multiple remote vulnerabilities CVE-2012-4377 CVE-2012-4378
Mercurial repository found
Microsoft Access Database File Detected
Microsoft Frontpage configuration information
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815
Microsoft IIS Server service.cnf file found
Microsoft IIS tilde directory enumeration
Minify arbitrary file disclosure CVE-2013-6619
MinIO Information Disclosure (CVE-2023-28432) CVE-2023-28432
MongoDB HTTP status interface
Multiple vulnerabilities in Ioncube loader-wizard.php
MySQL connection credentials
MySQL username disclosure
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180
nginx range filter integer overflow CVE-2017-7529
Node.js Running in Development Mode
NodeBB Arbitrary JSON File Read (CVE-2021-43788) CVE-2021-43788
npm log file publicly accessible (npm-debug.log)
Nuxt.js Running in Development Mode
OData feed accessible anonymously
Oracle applications logs publicy available
Oracle E-Business Suite Information Disclosure
Oracle E-Business Suite iStore open user registration CVE-2022-21500
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827
Oracle Reports Services RWServlet environment variables disclosure
OwnCloud phpinfo Information Disclosure (CVE-2023-49103) CVE-2023-49103
Padding oracle attack
Password found in server response
Payara Micro File Read (CVE-2021-41381) CVE-2021-41381
PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)
PHP-FPM Status Page
PHP Console addon enabled
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP Debug Bar enabled
PHP display_errors Is Enabled
Phpfastcache phpinfo publicly accessible (CVE-2021-37704) CVE-2021-37704
PHPinfo pages
PHP opcache-gui publicly accessible
PHP opcache-status page publicly accessible
PHP Safedir restriction bypass vulnerabilities
PHP upload arbitrary file disclosure vulnerability CVE-2000-0860
PHP X Prober publicly accessible
Possible database backup
Possible Database Name Disclosure
Possible sensitive directories
Possible sensitive files
Possible SQL Statement in comment
Possible username or password disclosure
Possible virtual host found
Programming Error Messages
Pyramid DebugToolbar enabled
qdPM Information Disclosure
rack-mini-profiler environment variables disclosure
Rails controller possible sensitive information disclosure
Reachable SharePoint interface
RoR Database Configuration File Detected
RoR Development Mode enabled
RSA Private Key Detected
SAP ICF /sap/public/info sensitive information disclosure
SAP Management Console get user list
SAP Management Console list logfiles
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
SAP NetWeaver server info information disclosure
SAP NetWeaver server info information disclosure BCB
SAP weak/predictable user credentials
Sensitive Data Exposure
Sensitive pages could be cached
Session ID in URL
SharePoint exposed web services
SharePoint user enumeration
SimpleHelp Path Traversal (CVE-2024-57727) CVE-2024-57727 CVE-2024-57726 CVE-2024-57728
Snoop Servlet information disclosure
Source Code Disclosure
Spring Boot Actuator
Spring Boot Actuator v2
SQLite Database File Found
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (CakePHP)
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (GWT)
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (NodeJS)
Stack Trace Disclosure (Python)
Stack Trace Disclosure (RoR)
Stack Trace Disclosure (Ruby-Sinatra Framework)
Stack Trace Disclosure (Tomcat)
Struts 2 Config Browser plugin enabled
Struts2 Development Mode Enabled
SVN Detected
Symfony databases.yml configuration file
Symfony debug mode enabled
Symfony debug mode enabled (AcuSensor)
Symfony Profiler open
Symfony running in dev mode
Symfony web debug toolbar
Test CGI script leaking environment variables
TestRail Information Disclosure (CVE-2021-40875) CVE-2021-40875
The Heartbleed Bug CVE-2014-0160
Tiki Wiki CMS: Arbitrary Code Execution
Tiki Wiki CMS: Arbitrary File Download
Tiki Wiki CMS: Remote Code Execution via Calendar Module
Tomcat status page
TorchServe Management API publicly exposed CVE-2023-43654
Tornado debug mode
Trace.axd Detected
TRACE Method enabled
Tracy debugging tool enabled
Typo3 debug mode enabled
Typo3 sensitive files
Ubiquiti Unifi Log4Shell RCE CVE-2021-44228
Unprotected JSON file leaking secrets
Unprotected phpMyAdmin interface
Unrestricted access to a monitoring system
Unrestricted access to Caddy API interface
Unrestricted access to NGINX+ API interface (read only)
Unrestricted access to NGINX+ API interface (read write)
Unrestricted access to NGINX+ Dashboard
Unrestricted access to NGINX+ Status module
Unrestricted access to NGINX+ Upstream HTTP interface
Unrestricted access to Prometheus
Unrestricted access to Prometheus Metrics
vBulletin customer number disclosure CVE-2013-6129
Version Disclosure (ASP.NET)
Version Disclosure (ASP.NET MVC)
Version Disclosure (IIS)
Version Disclosure (PHP)
ViewsState is not Encrypted
ViewStateMac is Not Enabled
Virtual host directory listing
VMware Horizon Log4Shell RCE CVE-2021-44228
VMware vCenter Log4Shell RCE CVE-2021-44228
VMware vCenter vcavbootstrap Arbitrary File Read
W3 total cache debug mode
Weak password
web.xml configuration file disclosure
webadmin.php script
Webalizer script
Web application default/weak credentials
WebDAV directory listing
WebLogic admin console weak credentials
Webmail weak password
WebPageTest Unauthorized Access Vulnerability
Whoops error handler component detected
WordPress database credentials disclosure
WordPress debug mode
WordPress full path disclosure
WordPress pingback scanner CVE-2013-0235
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540
WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8)
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Information Disclosure (1.9.25) CVE-2024-35171
WordPress Plugin AccessAlly Information Disclosure (3.5.6) CVE-2021-24226
WordPress Plugin ACF to REST API Information Disclosure (3.2.0) CVE-2020-13700
WordPress Plugin Activity Log Information Disclosure (2.2.12)
WordPress Plugin Acumbamail Information Disclosure (1.0.4)
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)
WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2) CVE-2022-40696
WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2) CVE-2022-40696
WordPress Plugin Advanced File Manager Information Disclosure (5.2.4) CVE-2024-5598
WordPress Plugin Advanced Woo Search Information Disclosure (1.99) CVE-2020-12070
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)
WordPress Plugin AI ChatBot Information Disclosure (4.8.9) CVE-2023-5254
WordPress Plugin AlertWire Information Disclosure (1.1.1)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2) CVE-2022-4346
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)
WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure (2.2.5.1) CVE-2015-0902
WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)
WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1) CVE-2022-31474
WordPress Plugin BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743 CVE-2013-2744
WordPress Plugin Backup Migration Arbitrary File Download (1.3.6) CVE-2023-6266
WordPress Plugin Backup Migration Information Disclosure (1.2.8)
WordPress Plugin Backup Migration Information Disclosure (1.3.5) CVE-2023-6271
WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5) CVE-2022-1186
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2)
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
WordPress Plugin BuddyPress Information Disclosure (5.1.1) CVE-2020-5244
WordPress Plugin BulletProof Security Information Disclosure (5.1) CVE-2021-39327
WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1)
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) CVE-2015-1000005
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) CVE-2014-9461
WordPress Plugin Cherry Services List Information Disclosure (1.4.1)
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)
WordPress Plugin Clone Information Disclosure (2.4.2) CVE-2023-6750
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)
WordPress Plugin Contact Form Email Information Disclosure (1.2.66)
WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0) CVE-2023-0331
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) CVE-2012-0896
WordPress Plugin Count per Day Information Disclosure (3.2.5)
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)
WordPress Plugin Credova_Financial Information Disclosure (1.4.8) CVE-2021-39342
WordPress Plugin Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure (1.8.6) CVE-2022-0345
WordPress Plugin Debug Log Manager Information Disclosure (2.2.2) CVE-2023-6383
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)
WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)
WordPress Plugin Download Monitor Information Disclosure (1.6.3)
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) CVE-2015-4704
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26) CVE-2020-11738
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)
WordPress Plugin Easy Author Image Information Disclosure (1.5)
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)
WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6)
WordPress Plugin Email Log Information Disclosure (1.9)
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)
WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Information Disclosure (3.4.7) CVE-2018-6015
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6) CVE-2019-19983
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)
WordPress Plugin File Manager Information Disclosure (6.4) CVE-2020-24312
WordPress Plugin Find My Blocks Information Disclosure (3.3.2) CVE-2021-24677
WordPress Plugin FireStats Arbitrary File Download (1.6.5)
WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)
WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07)
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) CVE-2012-4920
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24) CVE-2014-8491
WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59)
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)
WordPress Plugin Ghost Arbitrary File Download (0.5.5)
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2) CVE-2022-2117
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
WordPress Plugin GlotPress Information Disclosure (2.2.1)
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0) CVE-2017-5223
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) CVE-2012-4915
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)
WordPress Plugin Gravity Forms Information Disclosure (2.4.8) CVE-2020-13764
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (2.0.9.4)
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)
WordPress Plugin Helpful Information Disclosure (4.5.25) CVE-2022-2834
WordPress Plugin History Collection Arbitrary File Download (1.1.1)
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) CVE-2014-9177
WordPress Plugin IBS Mappro Arbitrary File Download (0.6) CVE-2015-5472
WordPress Plugin Image Export Arbitrary File Download (1.1.0) CVE-2015-5609
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)
WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1) CVE-2021-24374
WordPress Plugin Jigoshop Information Disclosure (1.17.9)
WordPress Plugin JM Twitter Cards Information Disclosure (6.1)
WordPress Plugin LearnDash LMS Multiple Information Disclosure Vulnerabilities (4.10.2) CVE-2024-1208 CVE-2024-1209 CVE-2024-1210
WordPress Plugin Log Emails Information Disclosure (1.0.6)
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Information Disclosure (3.2.10) CVE-2024-2106
WordPress Plugin Media Library Assistant Information Disclosure (3.00) CVE-2022-41618
WordPress Plugin Membership Simplified Arbitrary File Download (1.58) CVE-2017-1002008
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)
WordPress Plugin MetaSlider Information Disclosure (3.3.1)
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3) CVE-2022-1442
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2) CVE-2015-1000008
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) CVE-2013-0291
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512
WordPress Plugin Page and Post Clone Information Disclosure (1.1)
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Information Disclosure (2.5.2)
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)
WordPress Plugin Pike Firewall Information Disclosure (1.4)
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) CVE-2012-3588
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11) CVE-2019-17574
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
WordPress Plugin RB Agency Local File Disclosure (2.4.7)
WordPress Plugin Recent Backups Arbitrary File Download (0.7) CVE-2015-1000006
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) CVE-2015-9464
WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2) CVE-2022-0919 CVE-2022-0920
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1) CVE-2014-9511
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)
WordPress Plugin ShareYourCart Information Disclosure (1.6.1) CVE-2012-4332
WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5) CVE-2014-4942
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)
WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4) CVE-2022-4764
WordPress Plugin Simple File List Arbitrary File Download (3.2.7) CVE-2022-1119
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) CVE-2012-6313
WordPress Plugin Simple History Information Disclosure (1.0.7)
WordPress Plugin Simple History Information Disclosure (2.7.4)
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0) CVE-2015-1000010
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)
WordPress Plugin SiteGuard WP Information Disclosure (1.7.6) CVE-2024-37881
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)
WordPress Plugin Slack-Chat Information Disclosure (1.5.5) CVE-2019-14367
WordPress Plugin Slideshow Information Disclosure (2.2.21) CVE-2015-3634
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)
WordPress Plugin SL User Create Information Disclosure (0.2.4)
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1) CVE-2018-20555
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7) CVE-2017-18536
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077) CVE-2015-5471
WordPress Plugin Theme Editor Arbitrary File Download (2.5) CVE-2021-24154
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)
WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19) CVE-2021-24585
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)
WordPress Plugin TRADIES Information Disclosure (2.2.6)
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Information Disclosure (1.2.5)
WordPress Plugin UnGallery Local File Disclosure (1.5.8)
WordPress Plugin Unyson Information Disclosure (2.7.18)
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Information Disclosure (3.9.0) CVE-2023-0814
WordPress Plugin User Profile Picture Information Disclosure (2.4.0) CVE-2021-24170
WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16) CVE-2022-0384
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1) CVE-2012-1786
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) CVE-2012-6651
WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3) CVE-2019-6715
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10) CVE-2019-15330
WordPress Plugin Welcart e-Commerce Information Disclosure (2.2.7)
WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0) CVE-2022-4298
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6) CVE-2022-4106
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7) CVE-2022-4108
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)
WordPress Plugin WooCommerce Information Disclosure (4.5.2) CVE-2020-29156
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1) CVE-2014-5337
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) CVE-2015-9269
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0) CVE-2015-4703
WordPress Plugin WordPress Social Stream Information Disclosure (1.6)
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)
WordPress Plugin WP-RecentComments Information Disclosure (2.2.7) CVE-2023-23886
WordPress Plugin WP Activity Log Information Disclosure (3.1.1) CVE-2018-8719
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)
WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1) CVE-2011-1669
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5) CVE-2015-5468
WordPress Plugin WP Easy full backup Information Disclosure (1.4)
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)
WordPress Plugin WP Import Export Information Disclosure (3.9.15) CVE-2022-0236
WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15) CVE-2022-0236
WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1) CVE-2019-14365
WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0) CVE-2014-9013 CVE-2014-9014
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)
WordPress Plugin WP PHP widget Information Disclosure (1.0.2) CVE-2013-0721
WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)
WordPress Plugin WP SlackSync Information Disclosure (1.8.5) CVE-2019-14366
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3) CVE-2024-3682
WordPress Plugin wp superb Slideshow Information Disclosure (2.4)
WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3) CVE-2015-1000007
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2) CVE-2022-2369
WordPress Plugin Yoast SEO Information Disclosure (3.2.4)
WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694
WordPress readme.html file
WordPress REST API User Enumeration
WordPress username enumeration
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079
WPEngine _wpeprivate/config.json information disclosure
X-Forwarded-For HTTP header security bypass
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML External Entity Injection via external file
XML external entity injection via File Upload
Yii2 debug toolkit
Yii debug mode enabled
Zabbix Guest Access
Zend framework configuration file information disclosure
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161
ZK Framework AuUploader Information Disclosure (CVE-2022-36537) CVE-2022-36537
[Possible] AWStats Detected
[Possible] Backup Folder
[Possible] Backup Source Code Detected
[Possible] Database Connection String Detected
[Possible] Internal IP Address Disclosure
[Possible] Internal Path Disclosure (*nix)
[Possible] Internal Path Disclosure (Windows)
[Possible] Password Transmitted over Query String
[Possible] Sublime SFTP Config File Detected
[Possible] WS_FTP Log File Detected