Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.188 exploits
Nucleicritical
10Web Photo Gallery < 1.5.55 - SQL Injection
Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
18RISCO
abrir ↗Nucleihigh
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISCO
abrir ↗Nucleihigh
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
50RISCO
abrir ↗Nucleihigh
WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF
18RISCO
abrir ↗Nucleihigh
WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RISCO
abrir ↗Nucleimedium
WordPress Ninja Forms <3.4.34 - Open Redirect
Ninja Forms < 3.4.34 - Administrator Open Redirect
18RISCO
abrir ↗Nucleimedium
WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
43RISCO
abrir ↗Nucleihigh
User Profile Picture < 2.5.0 - Sensitive Information Disclosure
User Profile Picture < 2.5.0 - Sensitive Information Disclosure
18RISCO
abrir ↗Nucleicritical
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
23RISCO
abrir ↗Nucleimedium
WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
18RISCO
abrir ↗Nucleimedium
WordPress PhastPress <1.111 - Open Redirect
PhastPress < 1.111 - Open Redirect
18RISCO
abrir ↗Nucleicritical
WooCommerce Help Scout - Arbitrary File Upload
WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
18RISCO
abrir ↗Nucleimedium
GiveWP <= 2.9.7 - Cross-Site Scripting
GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
18RISCO
abrir ↗Nucleimedium
WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
18RISCO
abrir ↗Nucleicritical
Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation
18RISCO
abrir ↗Nucleimedium
All Thrive Themes and Plugins - Unauthenticated Option Update
All Thrive Themes and Plugins - Unauthenticated Option Update
18RISCO
abrir ↗Nucleicritical
Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload
All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
18RISCO
abrir ↗Nucleihigh
AccessAlly <3.5.7 - Sensitive Information Leakage
AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
18RISCO
abrir ↗Nucleihigh
Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
18RISCO
abrir ↗Nucleimedium
WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS
18RISCO
abrir ↗Nucleicritical
WordPress Imagements <=1.2.5 - Arbitrary File Upload
Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
18RISCO
abrir ↗Nucleimedium
WordPress Realteo <=1.2.3 - Cross-Site Scripting
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
18RISCO
abrir ↗Nucleimedium
WordPress Pie Register <3.7.0.1 - Cross-Site Scripting
Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
18RISCO
abrir ↗Nucleimedium
WordPress Stop Spammers <2021.9 - Cross-Site Scripting
Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
38RISCO
abrir ↗Nucleimedium
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
43RISCO
abrir ↗Nucleimedium
Popup by Supsystic <1.10.5 - Cross-Site scripting
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
43RISCO
abrir ↗Nucleimedium
WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
43RISCO
abrir ↗Nucleihigh
WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
18RISCO
abrir ↗Nucleicritical
WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload
Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload
30RISCO
abrir ↗Nucleicritical
WordPress Car Seller - Auto Classifieds Script - SQL Injection
Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
23RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.