Severity
- High
- Medium
- Low
- Informational
Vulnerability Categories
- Abuse Of Functionality
- Acumonitor
- Arbitrary File Creation
- Authentication Bypass
- Bruteforce Possible
- Buffer Overflow
- CSRF
- CSTI
- Code Execution
- Configuration
- Crlf Injection
- Deepscan
- Default Credentials
- Denial Of Service
- Dev Files
- Directory Listing
- Directory Traversal
- Eli Injection
- Error Handling
- File Inclusion
- Http Parameter Pollution
- Http Response Splitting
- Information Disclosure
- Insecure Admin Access
- Insecure Deserialization
- Internal Ip Disclosure
- Known Vulnerabilities
- Ldap Injection
- Malware
- Missing Update
- Privilege Escalation
- SSRF
- Sensitive Data Not Over Ssl
- Server Side Template Injection
- Session Fixation
- Source Code Disclosure
- Sql Injection
- Test Files
- Unauthenticated File Upload
- Url Redirection
- Weak Credentials
- Weak Crypto
- XFS
- XSS
- XXE
- Xpath Injection
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| .htaccess file readable | | CWE-443 | Medium |
| Access database found | | CWE-538 | Medium |
| Adminer 4.6.2 file disclosure vulnerability | | CWE-22 | High |
| Adobe ColdFusion directory traversal | CVE-2013-3336 | CWE-22 | High |
| Amazon S3 public bucket | | CWE-264 | Medium |
| Amazon S3 publicly writable bucket | | CWE-264 | High |
| Apache 2.x version older than 2.0.48 | CVE-2003-0542, CVE-2003-0789 | CWE-119 | Medium |
| Apache Axis2 administration console weak password | | CWE-200 | High |
| Apache Axis2 information disclosure | | CWE-200 | Medium |
| Apache Axis2 web services enumeration | | CWE-200 | Low |
| Apache balancer-manager application publicly accessible | | CWE-200 | Medium |
| Apache httpOnly cookie disclosure | CVE-2012-0053 | CWE-264 | Medium |
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache perl-status enabled | | CWE-200 | Medium |
| Apache server-info enabled | | CWE-200 | Medium |
| Apache server-status enabled | | CWE-200 | Medium |
| Apache Solr endpoint | | CWE-200 | Low |
| Apache solr service exposed | | CWE-200 | High |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Apache Tomcat examples directory vulnerabilities | | CWE-264 | Medium |
| Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616 | CWE-200 | High |
| Apache Tomcat version older than 4.1.37 | CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.11 | CVE-2005-2090, CVE-2007-1355 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.35 | CVE-2011-3190, CVE-2011-3375, CVE-2012-0022 | CWE-264 | High |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High |
| apc.php page found | | CWE-538 | Medium |
| Application error messages | | CWE-209 | Medium |
| Arbitrary file existence disclosure in Action Pack | CVE-2014-7829 | CWE-200 | Medium |
| ASP.NET application trace enabled | | CWE-215 | Medium |
| ASP.NET custom errors disabled | | CWE-12 | Medium |
| ASP.NET debugging enabled | | CWE-11 | Low |
| ASP.NET diagnostic page | | CWE-200 | Medium |
| ASP.NET error message | | CWE-12 | Medium |
| ASP.NET MVC version disclosure | | CWE-200 | Low |
| ASP.NET path disclosure | | CWE-200 | Low |
| ASP.NET version disclosure | | CWE-200 | Low |
| Atlassian Confluence Access Restriction Bypass | CVE-2017-9505 | | Medium |
| Atlassian Confluence information disclosure | CVE-2017-7415 | | High |
| Atlassian Confluence Stored Cross Site Scripting | CVE-2016-6283 | | Medium |
| Atlassian Jira Manage Filters information disclosure | | CWE-200 | Low |
| AWStats script | | CWE-538 | Medium |
| Backup files | | CWE-538 | Medium |
| Bazaar repository found | | CWE-538 | High |
| Chrome Logger information disclosure | | CWE-200 | Medium |
| ColdFusion path disclosures | | CWE-200 | Low |
| ColdFusion Request Debugging information disclosure | | CWE-200 | Medium |
| ColdFusion Robust Exception enabled | | CWE-200 | Medium |
| Configuration file disclosure | | CWE-538 | High |
| Configuration file source code disclosure | | CWE-538 | High |
| Core dump checker PHP script | | CWE-200 | Medium |
| Core dump file | | CWE-200 | High |
| Credit card number disclosed | | CWE-200 | Medium |
| CVS web repository | | CWE-527 | High |
| Database connection string disclosure | | CWE-200 | Medium |
| Development configuration files | | CWE-538 | Medium |
| Devise weak password | | CWE-200 | High |
| Directory listings | | CWE-538 | Medium |
| Django debug mode enabled | | CWE-200 | Medium |
| Documentation files | | CWE-538 | Low |
| Dotenv .env file | | CWE-538 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4553, CVE-2012-4554 | CWE-264 | High |
| Drupal Backup Migrate directory publicly accessible | | CWE-538 | High |
| Drupal Core 5.x Information Disclosure [5.0 - 5.18] | CVE-2009-2374 | CWE-200 | High |
| Drupal Core 6.x Information Disclosure [6.0 - 6.30] | CVE-2014-2983 | CWE-200 | High |
| Drupal Core 7.x Information Disclosure [7.0 - 7.14] | CVE-2012-2922 | CWE-200 | High |
| Drupal Core 7.x Information Disclosure [7.0 - 7.26] | CVE-2014-2983 | CWE-200 | High |
| Drupal Core 8.8.x Information Disclosure [8.8.0 - 8.8.9] | CVE-2020-13670 | CWE-200 | High |
| Drupal Core 8.9.x Information Disclosure [8.9.0 - 8.9.5] | CVE-2020-13670 | CWE-200 | High |
| Drupal Core 8.x.x Information Disclosure [8.0.0 - 8.7.14] | CVE-2020-13670 | CWE-200 | High |
| Drupal Core 9.0.x Information Disclosure [9.0.0 - 9.0.5] | CVE-2020-13670 | CWE-200 | High |
| Drupal Views module information disclosure vulnerability | | CWE-200 | Medium |
| Elasticsearch service accessible | | CWE-200 | High |
| elmah.axd information disclosure | | CWE-209 | Medium |
| Email addresses | | CWE-200 | Informational |
| Error messages | | CWE-209 | Medium |
| Error page path disclosure | | CWE-200 | Low |
| Error page web server version disclosure | | CWE-200 | Informational |
| File Content Disclosure in Action View | CVE-2019-5418 | CWE-200 | High |
| Folder backup | | CWE-538 | Medium |
| Frontpage authors.pwd available | | CWE-538 | Medium |
| Frontpage extensions enabled | | CWE-16 | Medium |
| Full public read access Azure blob storage | | CWE-264 | Medium |
| Git repository found | | CWE-527 | High |
| GlassFish admin console weak credentials | | CWE-693 | High |
| Global.asa backup file found | | CWE-538 | Medium |
| Golang runtime profiling data | | CWE-200 | Medium |
| HTML Form found in redirect page | | CWE-287 | Low |
| IBM Web Content Manager XPath injection | CVE-2013-6735 | CWE-264 | High |
| IBM WebSphere/WebLogic application source file exposure | | CWE-200 | High |
| IBM WebSphere administration console weak password | | CWE-200 | High |
| Insecure transition from HTTPS to HTTP in form post | | CWE-200 | Low |
| Insecure transition from HTTP to HTTPS in form post | | CWE-200 | Medium |
| Internal IP address disclosure | | CWE-200 | Informational |
| Internet Information Server returns IP address in HTTP header [Content-Location] | | CWE-200 | Low |
| JBoss BSHDeployer MBean | | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | | CWE-94 | High |
| JBoss JMX Console Unrestricted Access | | CWE-200 | High |
| JBoss JMX management console | | CWE-200 | High |
| JBoss Seam remoting vulnerabilities | CVE-2013-6447, CVE-2013-6448 | CWE-611 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss Server MBean | | CWE-200 | High |
| JBoss status servlet information leak | CVE-2010-1429 | CWE-200 | Medium |
| JBoss Web Console JMX Invoker | | CWE-200 | High |
| JBoss web service console | | CWE-200 | Low |
| Jenkins dashboard | | CWE-200 | Medium |
| Jenkins user enumeration | | CWE-200 | Low |
| Jenkins weak password | | CWE-200 | High |
| JetBrains .idea project directory | | CWE-538 | Medium |
| JetLeak vulnerability | CVE-2015-2080 | CWE-200 | High |
| Joe Editor DEADJOE file | | CWE-538 | Low |
| Joomla! Core 1.5.x Information Disclosure [1.5.0 - 1.5.11] | CVE-2011-4911 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure [1.5.0 - 1.5.12] | | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure [1.5.0 - 1.5.14] | | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure [1.5.0 - 1.5.15] | CVE-2010-1432 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure [1.5.0 - 1.5.23] | CVE-2011-3629 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure [1.5.0 - 1.5.25] | CVE-2012-1599 | CWE-264 | High |
| Joomla! Core 1.6.x Information Disclosure [1.6.0 - 1.6.3] | | CWE-200 | High |
| Joomla! Core 1.6.x Information Disclosure [1.6.0 - 1.6.6] | CVE-2012-0821 | CWE-200 | High |
| Joomla! Core 1.6.x Information Disclosure [1.6.0 - 1.6.6] | CVE-2012-0819 | CWE-200 | High |
| Joomla! Core 1.7.0 Information Disclosure [1.7.0 - 1.7.0] | | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.1] | CVE-2011-4937 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.1] | CVE-2011-3629 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.3] | CVE-2012-0819 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.3] | CVE-2012-0821 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.4] | CVE-2012-0837 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.4] | CVE-2012-0835 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure [1.7.0 - 1.7.4] | CVE-2012-0836 | CWE-200 | High |
| Joomla! Core 2.5.0 Information Disclosure [2.5.0 - 2.5.0] | CVE-2012-0835 | CWE-200 | High |
| Joomla! Core 2.5.0 Information Disclosure [2.5.0 - 2.5.0] | CVE-2012-0837 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure [2.5.0 - 2.5.3] | CVE-2012-1611 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure [2.5.0 - 2.5.4] | CVE-2012-2748 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure [2.5.0 - 2.5.8] | CVE-2013-1453 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure [2.5.0 - 2.5.9] | CVE-2013-3057 | CWE-200 | High |
| Joomla! Core 3.0.x Information Disclosure [3.0.0 - 3.0.2] | CVE-2013-1454 | CWE-200 | High |
| Joomla! Core 3.0.x Information Disclosure [3.0.0 - 3.0.2] | CVE-2013-1453 | CWE-200 | High |
| Joomla! Core 3.0.x Information Disclosure [3.0.0 - 3.0.2] | CVE-2013-1455 | CWE-200 | High |
| Joomla! Core 3.0.x Information Disclosure [3.0.0 - 3.0.3] | CVE-2013-3057 | CWE-200 | High |
| Joomla! Core 3.7.x Information Disclosure [3.7.0 - 3.7.5] | CVE-2017-14595 | CWE-200 | High |
| Joomla! Core 3.9.x Information Disclosure [3.9.0 - 3.9.22] | CVE-2020-35614 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.0.0 - 3.8.7] | CVE-2018-11325 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.0.0 - 3.9.19] | CVE-2020-15698 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.1.0 - 3.8.7] | CVE-2018-11327 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.4.0 - 3.6.5] | CVE-2017-8057 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.6.0 - 3.9.12] | CVE-2019-18674 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.7.0 - 3.8.1] | CVE-2017-16633 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure [3.8.0 - 3.9.13] | CVE-2019-19845 | CWE-200 | High |
| Joomla! Core Information Disclosure [1.5.0 - 3.7.5] | CVE-2017-14596 | CWE-200 | High |
| Joomla! Core Information Disclosure [1.5.0 - 3.8.1] | CVE-2017-14596 | CWE-200 | High |
| Joomla! Core Information Disclosure [2.5.0 - 3.9.22] | CVE-2020-35611 | CWE-200 | High |
| Joomla! Core Information Disclosure [2.5.0 - 3.9.22] | CVE-2020-35610 | CWE-200 | High |
| JSONP enabled by default in MappingJackson2JsonView | CVE-2018-11040 | CWE-538 | Medium |
| JVM version leakage | | CWE-200 | Informational |
| Laravel log file publicly accessible | | CWE-538 | Medium |
| Macromedia Dreamweaver remote database scripts | CVE-2004-1893 | CWE-200 | High |
| Magento Cacheleak | | CWE-200 | High |
| MantisBT multiple security issues | CVE-2014-9571, CVE-2014-9572, CVE-2014-9573, CVE-2014-9624, CVE-2015-1042 | CWE-200 | High |
| Mercurial repository found | | CWE-538 | High |
| Microsoft Frontpage configuration information | | CWE-200 | Informational |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High |
| Microsoft IIS Server service.cnf file found | | CWE-538 | Low |
| Microsoft IIS tilde directory enumeration | | CWE-20 | High |
| Microsoft IIS version disclosure | | CWE-200 | Informational |
| Microsoft Office possible sensitive information | | CWE-200 | Low |
| Minify arbitrary file disclosure | CVE-2013-6619 | CWE-538 | High |
| MongoDB HTTP status interface | | CWE-200 | Medium |
| Multiple vulnerabilities in Ioncube loader-wizard.php | | CWE-552 | High |
| MySQL connection credentials | | CWE-538 | High |
| MySQL username disclosure | | CWE-538 | Low |
| Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180 | CWE-399 | High |
| nginx range filter integer overflow | CVE-2017-7529 | CWE-200 | Medium |
| npm log file publicly accessible [npm-debug.log] | | CWE-200 | Medium |
| OData feed accessible anonymously | | CWE-200 | Low |
| Oracle applications logs publicly available | | CWE-200 | Medium |
| Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827 | CWE-22 | High |
| Oracle Reports Services RWServlet environment variables disclosure | | CWE-200 | Low |
| Padding oracle attack | | CWE-209 | High |
| Password field submitted using GET method | | CWE-200 | Medium |
| PHP-CGI remote code execution | CVE-2012-1823, CVE-2012-2311 | CWE-20 | High |
| PHP-CS-Fixer cache file publicly accessible [.php_cs.cache] | | CWE-200 | Medium |
| PHP-FPM Status Page | | CWE-200 | Medium |
| PHP curl_exec[] url is controlled by user | CVE-2009-0037 | CWE-352 | Medium |
| PHP errors enabled | | CWE-209 | Medium |
| PHPinfo page | | CWE-200 | Medium |
| PHPinfo pages | | CWE-200 | Medium |
| PHP opcache-status page publicly accessible | | CWE-200 | Medium |
| Possible database backup | | CWE-538 | High |
| Possible sensitive directories | | CWE-200 | Low |
| Possible sensitive files | | CWE-200 | Low |
| Possible server path disclosure [Unix] | | CWE-200 | Informational |
| Possible server path disclosure [Windows] | | CWE-200 | Informational |
| Possible social security number disclosed | | CWE-200 | Medium |
| Possible SQL Statement in comment | | CWE-200 | Low |
| Possible username or password disclosure | | CWE-200 | Informational |
| Possible virtual host found | | CWE-200 | Low |
| rack-mini-profiler environment variables disclosure | | CWE-287 | Medium |
| Rails controller possible sensitive information disclosure | | CWE-200 | Medium |
| Reachable SharePoint interface | | CWE-200 | High |
| RSA private key | | CWE-200 | High |
| Ruby on Rails database configuration file | | CWE-538 | High |
| SAP ICF /sap/public/info sensitive information disclosure | | CWE-200 | Medium |
| SAP Management Console get user list | | CWE-200 | High |
| SAP Management Console list logfiles | | CWE-200 | High |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure | | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure BCB | | CWE-200 | Medium |
| SAP weak/predictable user credentials | | CWE-200 | High |
| Secrets leakage | | CWE-200 | Medium |
| Sensitive pages could be cached | | CWE-200 | Low |
| Server-based source code disclosures | | CWE-538 | Medium |
| Session token in URL | | CWE-200 | Low |
| SFTP/FTP credentials exposure | | CWE-200 | High |
| SharePoint exposed web services | | CWE-200 | Medium |
| SharePoint user enumeration | | CWE-200 | High |
| Snoop Servlet information disclosure | | CWE-200 | Low |
| Source code disclosures | | CWE-538 | Medium |
| SQLite database found | | CWE-538 | Medium |
| Stack Trace Disclosure [Apache MyFaces] | | CWE-209 | Low |
| Stack Trace Disclosure [ASP.NET] | | CWE-209 | Low |
| Stack Trace Disclosure [CakePHP] | | CWE-209 | Low |
| Stack Trace Disclosure [CherryPy] | | CWE-209 | Low |
| Stack Trace Disclosure [ColdFusion] | | CWE-209 | Low |
| Stack Trace Disclosure [Grails] | | CWE-209 | Low |
| Stack Trace Disclosure [GWT] | | CWE-209 | Low |
| Stack Trace Disclosure [Java] | | CWE-209 | Low |
| Stack Trace Disclosure [Laravel] | | CWE-209 | Low |
| Stack Trace Disclosure [Node.js] | | CWE-209 | Low |
| Stack Trace Disclosure [Python] | | CWE-209 | Low |
| Stack Trace Disclosure [Rails] | | CWE-209 | Low |
| Stack Trace Disclosure [Ruby] | | CWE-209 | Low |
| Stack Trace Disclosure [Tomcat] | | CWE-209 | Low |
| SVN repository found | | CWE-538 | High |
| Symfony databases.yml configuration file | | CWE-538 | High |
| Symfony web debug toolbar | | CWE-489 | Medium |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| Tiki Wiki CMS: Arbitrary Code Execution | | | High |
| Tiki Wiki CMS: Arbitrary File Download | | | High |
| Tiki Wiki CMS: Remote Code Execution via Calendar Module | | | High |
| Tomcat status page | | CWE-200 | Low |
| Unencrypted __VIEWSTATE parameter | | CWE-200 | Medium |
| Unprotected JSON file leaking secrets | | CWE-200 | Medium |
| Unprotected phpMyAdmin interface | | CWE-205 | High |
| Unrestricted access to NGINX+ API interface [read only] | | CWE-200 | Medium |
| Unrestricted access to NGINX+ API interface [read write] | | CWE-200 | High |
| Unrestricted access to NGINX+ Dashboard | | CWE-200 | Medium |
| Unrestricted access to NGINX+ Status module | | CWE-200 | Low |
| Unrestricted access to NGINX+ Upstream HTTP interface | | CWE-200 | Medium |
| vBulletin customer number disclosure | CVE-2013-6129 | CWE-264 | High |
| Virtual host directory listing | | CWE-538 | Medium |
| W3 total cache debug mode | | CWE-489 | Medium |
| Weak password | | CWE-200 | High |
| web.xml configuration file disclosure | | CWE-538 | High |
| webadmin.php script | | CWE-552 | High |
| Webalizer script | | CWE-538 | Medium |
| Web application default/weak credentials | | CWE-200 | High |
| WebDAV directory listing | | CWE-538 | Medium |
| WebLogic admin console weak credentials | | CWE-693 | High |
| Webmail weak password | | CWE-200 | High |
| Web server default welcome page | | CWE-200 | Informational |
| WordPress database credentials disclosure | | CWE-538 | Medium |
| WordPress debug mode | | CWE-200 | High |
| WordPress full path disclosure | | CWE-200 | Low |
| WordPress pingback scanner | CVE-2013-0235 | CWE-918 | Medium |
| WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities [0.6.2 - 2.1.3] | CVE-2007-0540 | CWE-200, CWE-400 | High |
| WordPress Plugin A2 Optimized WP Information Disclosure [2.0.10.8] | | CWE-200 | High |
| WordPress Plugin AccessAlly Information Disclosure [3.5.6] | CVE-2021-24226 | CWE-200 | High |
| WordPress Plugin ACF to REST API Information Disclosure [3.2.0] | CVE-2020-13700 | CWE-200 | High |
| WordPress Plugin Activity Log Information Disclosure [2.2.12] | | CWE-200 | High |
| WordPress Plugin Acumbamail Information Disclosure [1.0.4] | | CWE-200 | High |
| WordPress Plugin Advanced Contact form 7 DB Information Disclosure [1.1.0] | | CWE-200 | High |
| WordPress Plugin Advanced Contact form 7 DB Information Disclosure [1.6.2] | | CWE-200 | High |
| WordPress Plugin Advanced Woo Search Information Disclosure [1.99] | CVE-2020-12070 | CWE-200 | High |
| WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure [0.3.4] | | CWE-611 | High |
| WordPress Plugin AlertWire Information Disclosure [1.1.1] | | CWE-200 | High |
| WordPress Plugin All-in-One WP Migration Information Disclosure [7.0] | | CWE-200 | High |
| WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve Your SEO Rankings Information Disclosure [2.2.5.1] | CVE-2015-0902 | CWE-200 | High |
| WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure [1.9.92] | | CWE-538 | High |
| WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download [1.0] | | CWE-22 | High |
| WordPress Plugin Aspose DOC Exporter Arbitrary File Download [1.0] | | CWE-22 | High |
| WordPress Plugin Aspose Importer & Exporter Arbitrary File Download [2.0] | | CWE-22 | High |
| WordPress Plugin Aspose PDF Exporter Arbitrary File Download [1.0] | | CWE-22 | High |
| WordPress Plugin BackupBuddy Arbitrary File Download [8.7.4.1] | CVE-2022-31474 | CWE-22 | High |
| WordPress Plugin BackupBuddy Information Disclosure [2.2.28] | CVE-2013-2743, CVE-2013-2744 | CWE-200 | High |
| WordPress Plugin Be POPIA Compliant Information Disclosure [1.1.5] | CVE-2022-1186 | CWE-200 | High |
| WordPress Plugin Better WordPress Minify Arbitrary File Disclosure [1.2.2] | | CWE-538 | High |
| WordPress Plugin Breadcrumb NavXT Information Disclosure [6.1.0] | | CWE-200 | High |
| WordPress Plugin BuddyPress Information Disclosure [5.1.1] | CVE-2020-5244 | CWE-200 | High |
| WordPress Plugin BulletProof Security Information Disclosure [5.1] | CVE-2021-39327 | CWE-200 | High |
| WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure [1.8.1] | | CWE-538 | High |
| WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure [1.3.5.2] | | CWE-200 | High |
| WordPress Plugin Candidate Application Form Arbitrary File Disclosure [1.6] | | CWE-538 | High |
| WordPress Plugin Candidate Application Form Arbitrary File Download [1.0] | CVE-2015-1000005 | CWE-22 | High |
| WordPress Plugin Cart66 Pro Arbitrary File Disclosure [1.5.3] | CVE-2014-9461 | CWE-22 | High |
| WordPress Plugin Cherry Services List Information Disclosure [1.4.1] | | CWE-200 | High |
| WordPress Plugin Cherry Team Members Information Disclosure [1.4.1] | | CWE-200 | High |
| WordPress Plugin Child Theme Configurator Arbitrary File Disclosure [1.7.4] | | CWE-538 | High |
| WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure [1.4.2] | | CWE-22 | High |
| WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure [1.46] | | CWE-22 | High |
| WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure [1.0.11] | | CWE-538 | High |
| WordPress Plugin Contact Form 7 Database Information Disclosure [1.3] | | CWE-200 | High |
| WordPress Plugin Contact Form Email Information Disclosure [1.2.66] | | CWE-200 | High |
| WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities [3.1] | CVE-2012-0896 | CWE-22, CWE-79 | High |
| WordPress Plugin Count per Day Information Disclosure [3.2.5] | | CWE-200 | High |
| WordPress Plugin CP Image Store with Slideshow Arbitrary File Download [1.0.5] | | CWE-22 | High |
| WordPress Plugin Crayon Syntax Highlighter Local File Disclosure [2.6.10] | | CWE-22 | High |
| WordPress Plugin Credova_Financial Information Disclosure [1.4.8] | CVE-2021-39342 | CWE-200 | High |
| WordPress Plugin Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure [1.8.6] | CVE-2022-0345 | CWE-200 | High |
| WordPress Plugin Direct Download for Woocommerce Arbitrary File Download [1.15] | | CWE-538 | High |
| WordPress Plugin Doneren met Mollie Information Disclosure [2.8.4] | | CWE-200 | High |
| WordPress Plugin Download Monitor Information Disclosure [1.6.3] | | CWE-538 | High |
| WordPress Plugin Download Shortcode Arbitrary File Disclosure [0.1] | | CWE-22 | High |
| WordPress Plugin Download Zip Attachments Arbitrary File Download [1.0.0] | CVE-2015-4704 | CWE-22 | High |
| WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure [0.3.0] | | CWE-22 | High |
| WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download [1.3.26] | CVE-2020-11738 | CWE-538 | High |
| WordPress Plugin DZS Video Gallery Information Disclosure [3.1.3] | | CWE-200 | High |
| WordPress Plugin Easy Author Image Information Disclosure [1.5] | | CWE-200 | High |
| WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure [1.1.0] | | CWE-22 | High |
| WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure [2.7.6] | | CWE-200 | High |
| WordPress Plugin Email Log Information Disclosure [1.9] | | CWE-200 | High |
| WordPress Plugin Email newsletter 'option' Parameter Information Disclosure [8.0] | | CWE-200 | High |
| WordPress Plugin Email Subscribers & Newsletters Information Disclosure [3.4.7] | CVE-2018-6015 | CWE-200 | High |
| WordPress Plugin Eshop Magic Arbitrary File Disclosure [0.1] | | CWE-22 | High |
| WordPress Plugin Fast Velocity Minify Information Disclosure [2.7.6] | CVE-2019-19983 | CWE-200 | High |
| WordPress Plugin Filedownload 'download.php' Local File Disclosure [0.1] | | CWE-22 | High |
| WordPress Plugin File Manager Information Disclosure [6.4] | CVE-2020-24312 | CWE-200 | High |
| WordPress Plugin Find My Blocks Information Disclosure [3.3.2] | CVE-2021-24677 | CWE-200 | High |
| WordPress Plugin FireStats Arbitrary File Download [1.6.5] | | CWE-538 | High |
| WordPress Plugin Font Awesome Information Disclosure [4.0.0-rc16] | | CWE-200 | High |
| WordPress Plugin Formidable Form Builder-Contact Form, Survey & Quiz Forms for WordPress Information Disclosure [2.0.07] | | CWE-200 | High |
| WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure [1.4.3] | CVE-2012-4920 | CWE-22 | High |
| WordPress Plugin Fusion Engage Local File Disclosure [1.0.5] | | CWE-22 | High |
| WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure [4.24] | CVE-2014-8491 | CWE-200 | High |
| WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities [0.59] | | CWE-22, CWE-89 | High |
| WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure [3.8.3] | | CWE-538 | High |
| WordPress Plugin Ghost Arbitrary File Download [0.5.5] | | CWE-538 | High |
| WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure [2.20.2] | CVE-2022-2117 | CWE-200 | High |
| WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities [1.5.1] | | CWE-95, CWE-200 | High |
| WordPress Plugin GlotPress Information Disclosure [2.2.1] | | CWE-200 | High |
| WordPress Plugin Gmail SMTP Arbitrary File Disclosure [1.1.0] | CVE-2017-5223 | CWE-200 | High |
| WordPress Plugin Google Doc Embedder Arbitrary File Disclosure [2.4.6] | CVE-2012-4915 | CWE-22 | High |
| WordPress Plugin Google Drive for WordPress Information Disclosure [2.2] | | CWE-538 | High |
| WordPress Plugin Gravity Forms Information Disclosure [2.4.8] | CVE-2020-13764 | CWE-200 | High |
| WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure [2.0.9.4] | | CWE-538 | High |
| WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download [1.0.0] | | CWE-538 | High |
| WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure [1.2.3] | | CWE-538 | High |
| WordPress Plugin Helpful Information Disclosure [4.5.25] | CVE-2022-2834 | CWE-200 | High |
| WordPress Plugin History Collection Arbitrary File Download [1.1.1] | | CWE-538 | High |
| WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure [2.6] | CVE-2014-9177 | CWE-200 | High |
| WordPress Plugin IBS Mappro Arbitrary File Download [0.6] | CVE-2015-5472 | CWE-22 | High |
| WordPress Plugin Image Export Arbitrary File Download [1.1.0] | CVE-2015-5609 | CWE-22 | High |
| WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure [3.7] | | CWE-22 | High |
| WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure [3.6.74] | | CWE-200 | High |
| WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure [3.42] | | CWE-22 | High |
| WordPress Plugin iThemes Security [formerly Better WP Security] Information Disclosure [5.1.1] | | CWE-200 | High |
| WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure [9.7.1] | CVE-2021-24374 | CWE-200 | High |
| WordPress Plugin Jigoshop Information Disclosure [1.17.9] | | CWE-200 | High |
| WordPress Plugin JM Twitter Cards Information Disclosure [6.1] | | CWE-200 | High |
| WordPress Plugin Log Emails Information Disclosure [1.0.6] | | CWE-200 | High |
| WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure [2.8] | | CWE-22 | High |
| WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download [3.0] | | CWE-538 | High |
| WordPress Plugin Mailing List 'dl.php' Arbitrary File Download [1.4.1] | | CWE-22 | High |
| WordPress Plugin MapSVG Lite Arbitrary File Disclosure [4.2.3.1] | | CWE-538 | High |
| WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure [2.3.0] | | CWE-200 | High |
| WordPress Plugin Membership Simplified Arbitrary File Download [1.58] | CVE-2017-1002008 | CWE-538 | High |
| WordPress Plugin Memphis Documents Library Arbitrary File Download [3.1.5] | | CWE-538 | High |
| WordPress Plugin MetaSlider Information Disclosure [3.3.1] | | CWE-200 | High |
| WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure [2.1.3] | CVE-2022-1442 | CWE-200 | High |
| WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure [1.0.4] | | CWE-538 | High |
| WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download [1.0.5] | | CWE-538 | High |
| WordPress Plugin MP3-jPlayer Information Disclosure [2.3.2] | CVE-2015-1000008 | CWE-200 | High |
| WordPress Plugin MP3-jPlayer Local File Disclosure [2.3] | | CWE-538 | High |
| WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure [1.1.0] | | CWE-538 | High |
| WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure [1.9.11] | CVE-2013-0291 | CWE-200 | High |
| WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure [1.0.8] | | CWE-200 | High |
| WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities [1.2.1] | CVE-2012-6511, CVE-2012-6512 | CWE-79, CWE-200 | High |
| WordPress Plugin Page and Post Clone Information Disclosure [1.1] | | CWE-200 | High |
| WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure [0.2.2] | CVE-2008-5752 | CWE-22 | High |
| WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure [1.4.9] | | CWE-538 | High |
| WordPress Plugin Paid Memberships Pro Information Disclosure [2.5.2] | | CWE-200 | High |
| WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure [1.3] | | CWE-538 | High |
| WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure [1.0] | | CWE-22 | High |
| WordPress Plugin Pike Firewall Information Disclosure [1.4] | | CWE-200 | High |
| WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure [1.5] | CVE-2012-3588 | CWE-22 | High |
| WordPress Plugin Popup Maker-Popup Forms, Optins & More Information Disclosure [1.8.11] | CVE-2019-17574 | CWE-200 | High |
| WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download [1.2.6] | | CWE-538 | High |
| WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure [4.1] | | CWE-538 | High |
| WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure [2.0] | | CWE-538 | High |
| WordPress Plugin RB Agency Local File Disclosure [2.4.7] | | CWE-22 | High |
| WordPress Plugin Recent Backups Arbitrary File Download [0.7] | CVE-2015-1000006 | CWE-22 | High |
| WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download [0.7] | CVE-2015-9464 | CWE-22 | High |
| WordPress Plugin Save Contact Form 7 Information Disclosure [2.0] | | CWE-200 | High |
| WordPress Plugin Sell Downloads Arbitrary File Disclosure [1.0.1] | CVE-2014-9511 | CWE-538 | High |
| WordPress Plugin Sell Downloads Arbitrary File Disclosure [1.0.17] | | CWE-22 | High |
| WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure [3.0] | | CWE-538 | High |
| WordPress Plugin Share Drafts Publicly Information Disclosure [1.1.4] | | CWE-200 | High |
| WordPress Plugin ShareYourCart Information Disclosure [1.6.1] | CVE-2012-4332 | CWE-200 | High |
| WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure [2.0.5] | CVE-2014-4942 | CWE-200 | High |
| WordPress Plugin Simple Backup Arbitrary File Download [2.7.10] | | CWE-538 | High |
| WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure [1.0] | | CWE-22 | High |
| WordPress Plugin Simple File List Arbitrary File Download [3.2.7] | CVE-2022-1119 | CWE-538 | High |
| WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure [1.1.3] | CVE-2012-6313 | CWE-200 | High |
| WordPress Plugin Simple History Information Disclosure [1.0.7] | | CWE-200 | High |
| WordPress Plugin Simple History Information Disclosure [2.7.4] | | CWE-200 | High |
| WordPress Plugin Simple Image Manipulator Arbitrary File Download [1.0] | CVE-2015-1000010 | CWE-538 | High |
| WordPress Plugin Simply Static Arbitrary File Download [1.6.2] | | CWE-22 | High |
| WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure [1.3.4] | | CWE-538 | High |
| WordPress Plugin Slack-Chat Information Disclosure [1.5.5] | CVE-2019-14367 | CWE-200 | High |
| WordPress Plugin Slideshow Information Disclosure [2.2.21] | CVE-2015-3634 | CWE-200 | High |
| WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities [2.1.12] | | CWE-79, CWE-200 | High |
| WordPress Plugin SL User Create Information Disclosure [0.2.4] | | CWE-200 | High |
| WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities [6.1.1] | | CWE-94, CWE-200 | High |
| WordPress Plugin Social Network Tabs Information Disclosure [1.7.1] | CVE-2018-20555 | CWE-200 | High |
| WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities [1.4.3] | | CWE-352, CWE-538 | High |
| WordPress Plugin SSL Insecure Content Fixer Information Disclosure [2.0.0] | | CWE-200 | High |
| WordPress Plugin Stop User Enumeration Cross-Site Scripting [1.3.7] | | CWE-79 | High |
| WordPress Plugin Stop User Enumeration Security Bypass [1.3.18] | | CWE-264 | High |
| WordPress Plugin Stop User Enumeration User Enumeration [1.2.4] | | CWE-203 | High |
| WordPress Plugin Stop User Enumeration User Enumeration [1.3.4] | | CWE-203 | High |
| WordPress Plugin Stop User Enumeration User Enumeration [1.3.8] | | CWE-203 | High |
| WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure [2.0.2] | | CWE-200 | High |
| WordPress Plugin Super Refer A Friend Information Disclosure [1.0] | | CWE-200 | High |
| WordPress Plugin Swim Team Arbitrary File Download [1.44.1077] | CVE-2015-5471 | CWE-22 | High |
| WordPress Plugin Theme Editor Arbitrary File Download [2.5] | CVE-2021-24154 | CWE-538 | High |
| WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure [1.1.3] | | CWE-22 | High |
| WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure [2.3.19] | CVE-2021-24585 | CWE-200 | High |
| WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure [1.0.7] | | CWE-22 | High |
| WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure [1.14.9] | | CWE-200 | High |
| WordPress Plugin TRADIES Information Disclosure [2.2.6] | | CWE-200 | High |
| WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure [1.1.1] | | CWE-22 | |
High WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download [1.0.1]CWE-22CWE-22
High WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership Information Disclosure [1.2.5]CWE-200CWE-200
High WordPress Plugin UnGallery Local File Disclosure [1.5.8]CWE-22CWE-22
High WordPress Plugin Unyson Information Disclosure [2.7.18]CWE-200CWE-200
High WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure [2.1.8.5]CWE-538CWE-538
High WordPress Plugin User Meta Manager Information Disclosure [3.4.7]CWE-200CWE-200
High WordPress Plugin User Profile Picture Information Disclosure [2.4.0]CVE-2021-24170CWE-200CWE-200
High WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure [1.1]CVE-2012-1786CWE-200CWE-200
High WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities [1.0.0]CVE-2012-6651CWE-22CWE-22
High WordPress Plugin W3 Total Cache Arbitrary File Disclosure [0.9.3]CVE-2019-6715CWE-538CWE-538
High WordPress Plugin W3 Total Cache Information Disclosure [0.9.2.4]CWE-200CWE-200
High WordPress Plugin WebP Express Arbitrary File Disclosure [0.14.10]CVE-2019-15330CWE-538CWE-538
High WordPress Plugin Welcart e-Commerce Information Disclosure [2.2.7]CWE-200CWE-200
High WordPress Plugin WooCommerce Arbitrary File Download [3.4.5]CWE-538CWE-538
High WordPress Plugin WooCommerce Email Test Information Disclosure [1.5]CWE-200CWE-200
High WordPress Plugin WooCommerce Information Disclosure [4.5.2]CVE-2020-29156CWE-200CWE-200
High WordPress Plugin WordPress Backup to Dropbox Information Disclosure [4.7.1]CWE-200CWE-200
High WordPress Plugin WordPress Mobile Pack Information Disclosure [2.0.1]CVE-2014-5337CWE-264CWE-264
High WordPress Plugin WordPress Mobile Pack Information Disclosure [2.1.2]CVE-2015-9269CWE-200CWE-200
High WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download [1.0]CVE-2015-4703CWE-538CWE-538
High WordPress Plugin WordPress Social Stream Information Disclosure [1.6]CWE-522CWE-522
High WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download [2.60]CWE-22CWE-22
High WordPress Plugin wp-FileManager Arbitrary File Disclosure [1.3.0]CWE-22CWE-22
High WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure [1.0.3]CWE-22CWE-22
High WordPress Plugin WP-Live Chat by 3CX Information Disclosure [8.0.28]CWE-200CWE-200
High WordPress Plugin WP-Mon Arbitrary File Disclosure [0.5.1]CWE-22CWE-22
High WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure [1.38.3.2]CWE-200CWE-200
High WordPress Plugin WP Activity Log Information Disclosure [3.1.1]CVE-2018-8719CWE-200CWE-200
High WordPress Plugin WP Attachment Export Arbitrary File Download [0.2.3]CWE-538CWE-538
High WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure [2.0.5]CWE-22CWE-22
High WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure [0.5.0.1]CVE-2011-1669CWE-22CWE-22
High WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download [2.5]CVE-2015-5468CWE-22CWE-22
High WordPress Plugin WP Easy full backup Information Disclosure [1.4]CWE-200CWE-200
High WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download [1.3.9.2]CWE-538CWE-538
High WordPress Plugin WP Import Export Information Disclosure [3.9.15]CVE-2022-0236CWE-200CWE-200
High WordPress Plugin WP Import Export Lite Information Disclosure [3.9.15]CVE-2022-0236CWE-200CWE-200
High WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure [1.2.1]CVE-2019-14365CWE-200CWE-200
High WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download [2.4.0]CVE-2014-9013 CVE-2014-9014CWE-22CWE-22
High WordPress Plugin WP Mobile Edition Arbitrary File Disclosure [2.2.7]CWE-22CWE-22
High WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities [1.3.1]CWE-22 CWE-538CWE-22 CWE-538
High WordPress Plugin WP PHP widget Information Disclosure [1.0.2]CVE-2013-0721CWE-200CWE-200
High WordPress Plugin WP REST API [WP API] Information Disclosure [1.2]CWE-200CWE-200
High WordPress Plugin WP SlackSync Information Disclosure [1.8.5]CVE-2019-14366CWE-200CWE-200
High WordPress Plugin wp superb Slideshow Information Disclosure [2.4]CWE-200CWE-200
High WordPress Plugin wptf-image-gallery Arbitrary File Download [1.0.3]CVE-2015-1000007CWE-538CWE-538
High WordPress Plugin Yoast SEO Information Disclosure [3.2.4]CWE-200CWE-200
High WordPress Plugin Zip Attachments Arbitrary File Download [1.4]CVE-2015-4694CWE-538CWE-538
High WordPress REST API User EnumerationCWE-200CWE-200
Low WordPress username enumerationCWE-200CWE-200
Medium WordPress W3 Total Cache plugin predictable cache filenamesCVE-2012-6077 CVE-2012-6078 CVE-2012-6079CWE-200CWE-200
High WPEngine _wpeprivate/config.json information disclosureCWE-200CWE-200
High WS_FTP log file foundCWE-538CWE-538
Medium X-Forwarded-For HTTP header security bypassCWE-287CWE-287
High XML entity injectionCWE-611CWE-611
High XML external entity injectionCWE-611CWE-611
High XML external entity injection [variant]CWE-611CWE-611
High XML external entity injection and XML injectionCWE-611CWE-611
High XML external entity injection via external fileCWE-611CWE-611
High XML external entity injection via File UploadCWE-611CWE-611
High Yii2 debug toolkitCWE-200CWE-200
Medium Zend framework configuration file information disclosureCWE-538CWE-538
High Zend Framework local file disclosure via XXE injectionCVE-2012-3363 CVE-2015-5161CWE-611CWE-611
High
What is disclosure in information security?
Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users. Depending on the context, websites may leak all kinds of information to a potential attacker, including data about other users, such as usernames or financial information.
What are the different types of security disclosures?
The paths to vulnerability disclosure that an organization can take include the following:
- Responsible disclosures
- Coordinated vulnerability disclosures
- Self-disclosures
- Third-party disclosures
- Vendor disclosures
- Full disclosures
Which of the following is an example of information disclosure?
Some basic examples of information disclosure are as follows: revealing the names of hidden directories, their structure, and their contents via a robots.txt file or directory listing; providing access to source code files via temporary backups.
What is CVE in security?
CVE stands for Common Vulnerabilities and Exposures. CVE is a glossary that classifies vulnerabilities. The glossary analyzes vulnerabilities and then uses the Common Vulnerability Scoring System (CVSS) to evaluate the threat level of a vulnerability.