Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
TodosExploit-DB 22.786Referência 19.896GitHub PoC 13.187VulnCheck XDB 8100Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4191 exploits
Nucleimedium
WordPress Simple Job Board - Unauthorized Data Access
Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
28RIESGO
abrir ↗Nucleihigh
Give WP Plugin < 3.19.0 - Cross-Site Scripting
Give < 3.19.0 - Reflected XSS
28RIESGO
abrir ↗Nucleicritical
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
75RIESGO
abrir ↗Nucleimedium
W3 Total Cache < 2.8.2 - Log File Exposure
W3 Total Cache <= 2.8.1 Information Exposure via Log Files
28RIESGO
abrir ↗Nucleihigh
WordPress Collapsing Categories <= 3.0.8 - SQL Injection
Collapsing Categories <= 3.0.8 - Unauthenticated SQL Injection
56RIESGO
abrir ↗Nucleimedium
LearnDash LMS < 4.10.3 - Sensitive Information Exposure
LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API
28RIESGO
abrir ↗Nucleimedium
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments
28RIESGO
abrir ↗Nucleimedium
LearnDash LMS < 4.10.2 - Sensitive Information Exposure
LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API
28RIESGO
abrir ↗Nucleicritical
Progress Kemp LoadMaster - Command Injection
LoadMaster Pre-Authenticated OS Command Injection
100RIESGO
abrir ↗Nucleicritical
WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
68RIESGO
abrir ↗Nucleimedium
PropertyHive < 2.1.1 - Cross-Site Scripting
PropertyHive < 2.1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleihigh
Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting
Bulk Me Now <= 2.0 - Reflected XSS
36RIESGO
abrir ↗Nucleimedium
AffiliateImporterEb <= 1.0.6 - Reflected XSS
AffiliateImporterEb <= 1.0.6 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
Advance Post Prefix WordPress plugin - Reflected XSS
Advance Post Prefix <= 1.1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WP BASE Booking - Reflected XSS
WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
28RIESGO
abrir ↗Nucleihigh
WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting
Competition Form <= 2.0 - Reflected XSS
36RIESGO
abrir ↗Nucleicritical
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
43RIESGO
abrir ↗Nucleihigh
Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read
Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read
48RIESGO
abrir ↗Nucleimedium
Custom Field Manager WordPress - Cross-Site Scripting
Custom Field Manager <= 1.0 - Reflected XSS Vulnerability
28RIESGO
abrir ↗Nucleimedium
Lazy Blocks <= 3.8.2 - Cross-Site Scripting
Custom Block Builder – Lazy Blocks < 3.8.3 - Reflected XSS
36RIESGO
abrir ↗Nucleicritical
DrayTek Vigor - Command Injection
DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection
100RIESGO
abrir ↗Nucleihigh
Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting
Dyn Business Panel <= 1.0.0 - Reflected XSS
36RIESGO
abrir ↗Nucleihigh
WP Triggers Lite - Cross-Site Scripting
WP Triggers Lite <= 2.5.3 - Reflected XSS
36RIESGO
abrir ↗Nucleimedium
WP Finance Plugin <= 1.3.6 - Cross-Site Scripting
WP Finance <= 1.3.6 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WordPress Email Newsletter - Reflected XSS
WP Email Newsletter <= 1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
Widget4Call WordPress - Cross-Site Scripting
Widget4call <= 1.0.7 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WP MediaTagger <= 4.1.1 - Cross-Site Scripting
WP MediaTagger <= 4.1.1 - Reflected XSS
28RIESGO
abrir ↗Nucleimedium
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS
28RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.