Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleicritical
WordPress Workreap - Remote Code Execution
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISCO
abrir
Nucleimedium
WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
MF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS)
18RISCO
abrir
Nucleimedium
ProfilePress < 3.1.11 - Cross-Site Scripting
ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
18RISCO
abrir
Nucleicritical
Profile Builder < 3.4.9 - Improper Authentication
Profile Builder < 3.4.9 - Admin Access via Password Reset
18RISCO
abrir
Nucleihigh
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection
18RISCO
abrir
Nucleihigh
G Auto-Hyperlink <= 1.0.1 - SQL Injection
G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection
18RISCO
abrir
Nucleihigh
Images to WebP < 1.9 - Authenticated Local File Inclusion
Images to WebP < 1.9 - Authenticated Local File Inclusion
18RISCO
abrir
Nucleihigh
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
38RISCO
abrir
Nucleimedium
Limit Login Attempts WordPress - Stored Cross-site Scripting
Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting
18RISCO
abrir
Nucleicritical
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
18RISCO
abrir
Nucleimedium
Duplicate Page WordPress - Stored Cross-Site Scripting
Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Pie Register < 3.7.1.6 - SQL Injection
Pie Register < 3.7.1.6 - Unauthenticated SQL Injection
18RISCO
abrir
Nucleimedium
WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleihigh
WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
50RISCO
abrir
Nucleicritical
WordPress Perfect Survey <1.5.2 - SQL Injection
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RISCO
abrir
Nucleihigh
Download Monitor < 4.4.5 - SQL Injection
Download Monitor < 4.4.5 - Admin+ SQL Injection
61RISCO
abrir
Nucleihigh
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
18RISCO
abrir
Nucleicritical
WordPress Asgaros Forum <1.15.13 - SQL Injection
Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection
23RISCO
abrir
Nucleimedium
WordPress AnyComment <0.3.5 - Open Redirect
AnyComment < 0.3.5 - Open Redirect
18RISCO
abrir
Nucleicritical
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
18RISCO
abrir
Nucleihigh
WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
60RISCO
abrir
Nucleimedium
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting
Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
Elementor < 3.4.8 - DOM Cross-Site-Scripting
23RISCO
abrir
Nucleimedium
WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Contest Gallery < 13.1.0.6 - SQL injection
Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
23RISCO
abrir
Nucleihigh
WordPress Qubely < 1.8.6 - Unauthenticated Email Sending
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
18RISCO
abrir
Nucleihigh
WordPress WPS Hide Login <1.9.1 - Information Disclosure
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
40RISCO
abrir
Nucleimedium
WordPress Domain Check <1.0.17 - Cross-Site Scripting
Domain Check < 1.0.17 - Reflected Cross-Site Scripting
43RISCO
abrir
anteriorpágina 47 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.