Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleicritical
WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
60RISCO
abrir
Nucleimedium
Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting
Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
Persian Woocommerce <= 5.8.0 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
Registrations for the Events Calendar < 2.7.6 - SQL Injection
Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
18RISCO
abrir
Nucleicritical
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
60RISCO
abrir
Nucleimedium
WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
18RISCO
abrir
Nucleimedium
Blog2Social < 6.8.7 - Cross-Site Scripting
Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleihigh
WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion
18RISCO
abrir
Nucleimedium
Paid Memberships Pro < 2.6.6 - Cross-Site Scripting
Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress Super Socializer <7.13.30 - Cross-Site Scripting
Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress Guppy <=1.1 - Information Disclosure
WP Guppy < 1.3 - Sensitive Information Disclosure
18RISCO
abrir
Nucleicritical
WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution
WPCargo < 6.9.0 - Unauthenticated RCE
50RISCO
abrir
Nucleimedium
The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting
Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
Chaty < 2.8.2 - Cross-Site Scripting
Chaty < 2.8.3 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleimedium
WordPress Event Tickets < 5.2.2 - Open Redirect
Event Tickets < 5.2.2 - Open Redirect
18RISCO
abrir
Nucleicritical
PublishPress Capabilities < 2.3.1 - Missing Authorization
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
38RISCO
abrir
Nucleimedium
Noptin < 1.6.5 - Open Redirect
Noptin < 1.6.5 - Open Redirect
18RISCO
abrir
Nucleihigh
WordPress Button Generator <2.3.3 - Remote File Inclusion
Button Generator < 2.3.3 - RFI leading to RCE via CSRF
18RISCO
abrir
Nucleimedium
WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting
FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
18RISCO
abrir
Nucleimedium
WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS)
18RISCO
abrir
Nucleimedium
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)
18RISCO
abrir
Nucleimedium
Landing Page Builder < 1.4.9.6 - Cross-Site Scripting
Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)
18RISCO
abrir
Nucleimedium
WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect
WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
18RISCO
abrir
Nucleilow
WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS
18RISCO
abrir
Nucleimedium
Affiliates Manager < 2.9.0 - Cross Site Scripting
Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting
18RISCO
abrir
Nucleimedium
Contact Form Entries < 1.2.4 - Cross-Site Scripting
Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleicritical
WordPress Popup Builder < 4.0.7 - Remote Code Execution
Popup Builder < 4.0.7 - LFI to RCE
18RISCO
abrir
Nucleimedium
WOOF WordPress plugin - Cross-Site Scripting
WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting
18RISCO
abrir
Nucleihigh
Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution
Tatsu < 3.3.12 - Unauthenticated RCE
60RISCO
abrir
anteriorpágina 48 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.