Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleimedium
WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir ↗Nucleimedium
WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir ↗Nucleimedium
WordPress AcyMailing <7.5.0 - Open Redirect
AcyMailing < 7.5.0 - Unauthenticated Open Redirect
18RIESGO
abrir ↗Nucleimedium
WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
23RIESGO
abrir ↗Nucleihigh
Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection
Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4
18RIESGO
abrir ↗Nucleimedium
WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting
Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
WordPress WooCommerce <1.13.22 - Cross-Site Scripting
PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir ↗Nucleimedium
WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
23RIESGO
abrir ↗Nucleimedium
WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting
Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS
18RIESGO
abrir ↗Nucleihigh
WordPress Statistics <13.0.8 - Blind SQL Injection
WP Statistics < 13.0.8 - Unauthenticated SQL Injection
23RIESGO
abrir ↗Nucleimedium
WordPress JNews Theme <8.0.6 - Cross-Site Scripting
JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleihigh
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
30RIESGO
abrir ↗Nucleimedium
WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting
The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
18RIESGO
abrir ↗Nucleimedium
WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleicritical
WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE
30RIESGO
abrir ↗Nucleimedium
WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
WordPress FoodBakery <2.2 - Cross-Site Scripting
FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
WordPress wpForo Forum < 1.9.7 - Open Redirect
wpForo Forum < 1.9.7 - Open Redirect
18RIESGO
abrir ↗Nucleimedium
WordPress Jannah Theme <5.4.5 - Cross-Site Scripting
Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
Prismatic < 2.8 - Cross-Site Scripting
Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
18RIESGO
abrir ↗Nucleicritical
Wordpress Polls Widget < 1.5.3 - SQL Injection
Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection
30RIESGO
abrir ↗Nucleimedium
WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
18RIESGO
abrir ↗Nucleicritical
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
30RIESGO
abrir ↗Nucleimedium
WordPress Post Grid <2.1.8 - Cross-Site Scripting
Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)
43RIESGO
abrir ↗Nucleimedium
Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting
18RIESGO
abrir ↗Nucleimedium
WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.