Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4188 exploits
Nucleicritical
WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RIESGO
abrir
Nucleimedium
Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting
Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
Persian Woocommerce <= 5.8.0 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleicritical
Registrations for the Events Calendar < 2.7.6 - SQL Injection
Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
18RIESGO
abrir
Nucleicritical
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RIESGO
abrir
Nucleimedium
WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
18RIESGO
abrir
Nucleimedium
Blog2Social < 6.8.7 - Cross-Site Scripting
Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleihigh
WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion
18RIESGO
abrir
Nucleimedium
Paid Memberships Pro < 2.6.6 - Cross-Site Scripting
Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
WordPress Super Socializer <7.13.30 - Cross-Site Scripting
Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
WordPress Guppy <=1.1 - Information Disclosure
WP Guppy < 1.3 - Sensitive Information Disclosure
18RIESGO
abrir
Nucleicritical
WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution
WPCargo < 6.9.0 - Unauthenticated RCE
50RIESGO
abrir
Nucleimedium
The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting
Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
Chaty < 2.8.2 - Cross-Site Scripting
Chaty < 2.8.3 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
WordPress Event Tickets < 5.2.2 - Open Redirect
Event Tickets < 5.2.2 - Open Redirect
18RIESGO
abrir
Nucleicritical
PublishPress Capabilities < 2.3.1 - Missing Authorization
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
38RIESGO
abrir
Nucleimedium
Noptin < 1.6.5 - Open Redirect
Noptin < 1.6.5 - Open Redirect
18RIESGO
abrir
Nucleihigh
WordPress Button Generator <2.3.3 - Remote File Inclusion
Button Generator < 2.3.3 - RFI leading to RCE via CSRF
18RIESGO
abrir
Nucleimedium
WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting
FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir
Nucleimedium
WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir
Nucleimedium
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir
Nucleimedium
Landing Page Builder < 1.4.9.6 - Cross-Site Scripting
Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)
18RIESGO
abrir
Nucleimedium
WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect
WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
18RIESGO
abrir
Nucleilow
WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS
18RIESGO
abrir
Nucleimedium
Affiliates Manager < 2.9.0 - Cross Site Scripting
Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting
18RIESGO
abrir
Nucleimedium
Contact Form Entries < 1.2.4 - Cross-Site Scripting
Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleicritical
WordPress Popup Builder < 4.0.7 - Remote Code Execution
Popup Builder < 4.0.7 - LFI to RCE
18RIESGO
abrir
Nucleimedium
WOOF WordPress plugin - Cross-Site Scripting
WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting
18RIESGO
abrir
Nucleihigh
Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution
Tatsu < 3.3.12 - Unauthenticated RCE
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.