Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4188 exploits
Nucleicritical
WordPress Workreap - Remote Code Execution
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RIESGO
abrir ↗Nucleimedium
WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
MF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir ↗Nucleimedium
ProfilePress < 3.1.11 - Cross-Site Scripting
ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
18RIESGO
abrir ↗Nucleicritical
Profile Builder < 3.4.9 - Improper Authentication
Profile Builder < 3.4.9 - Admin Access via Password Reset
18RIESGO
abrir ↗Nucleihigh
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection
18RIESGO
abrir ↗Nucleihigh
G Auto-Hyperlink <= 1.0.1 - SQL Injection
G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection
18RIESGO
abrir ↗Nucleihigh
Images to WebP < 1.9 - Authenticated Local File Inclusion
Images to WebP < 1.9 - Authenticated Local File Inclusion
18RIESGO
abrir ↗Nucleihigh
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
38RIESGO
abrir ↗Nucleimedium
Limit Login Attempts WordPress - Stored Cross-site Scripting
Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting
18RIESGO
abrir ↗Nucleicritical
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
18RIESGO
abrir ↗Nucleimedium
Duplicate Page WordPress - Stored Cross-Site Scripting
Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting
18RIESGO
abrir ↗Nucleicritical
Pie Register < 3.7.1.6 - SQL Injection
Pie Register < 3.7.1.6 - Unauthenticated SQL Injection
18RIESGO
abrir ↗Nucleimedium
WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
18RIESGO
abrir ↗Nucleihigh
WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
50RIESGO
abrir ↗Nucleicritical
WordPress Perfect Survey <1.5.2 - SQL Injection
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RIESGO
abrir ↗Nucleihigh
Download Monitor < 4.4.5 - SQL Injection
Download Monitor < 4.4.5 - Admin+ SQL Injection
61RIESGO
abrir ↗Nucleihigh
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
18RIESGO
abrir ↗Nucleicritical
WordPress Asgaros Forum <1.15.13 - SQL Injection
Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection
23RIESGO
abrir ↗Nucleimedium
WordPress AnyComment <0.3.5 - Open Redirect
AnyComment < 0.3.5 - Open Redirect
18RIESGO
abrir ↗Nucleicritical
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
18RIESGO
abrir ↗Nucleihigh
WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RIESGO
abrir ↗Nucleimedium
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting
18RIESGO
abrir ↗Nucleimedium
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting
Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting
18RIESGO
abrir ↗Nucleimedium
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
18RIESGO
abrir ↗Nucleimedium
WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
Elementor < 3.4.8 - DOM Cross-Site-Scripting
23RIESGO
abrir ↗Nucleimedium
WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
18RIESGO
abrir ↗Nucleicritical
Contest Gallery < 13.1.0.6 - SQL injection
Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
23RIESGO
abrir ↗Nucleihigh
WordPress Qubely < 1.8.6 - Unauthenticated Email Sending
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
18RIESGO
abrir ↗Nucleihigh
WordPress WPS Hide Login <1.9.1 - Information Disclosure
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
40RIESGO
abrir ↗Nucleimedium
WordPress Domain Check <1.0.17 - Cross-Site Scripting
Domain Check < 1.0.17 - Reflected Cross-Site Scripting
43RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.