Lucene search
+L

100261 matches found

GithubExploit
GithubExploit
added 55 minutes ago6 views

Exploit for CVE-2026-60137

wp2shell — WordPress Core Pre-Auth RCE CVE-2026-63030 Ba...

9.8CVSS0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added 1 hour ago5 views

Exploit for CVE-2026-63030

wp2shell Pre-Authentication Remote Code Execution in WordPres...

9.8CVSS0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday25 views

Exploit for CVE-2026-63030

CVE-2026-63030 The WordPress REST API batch routing confusi...

9.8CVSS7AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday22 views

Exploit for CVE-2026-60137

wp2shell-detect Blackbox, non-intrusive detector for wp...

9.8CVSS6AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday23 views

Exploit for CVE-2026-63030

wp2shell-scan A scanner and proof-of-concept toolkit for CVE-202...

9.8CVSS7.1AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday22 views

wp2shell_stock_chain

wp2shell stock-core chain Authorized-testing proof of concept...

6.4AI score
Exploits0
GithubExploit
GithubExploit
added yesterday26 views

Exploit for CVE-2026-63030

wp2shellscanner !smokehttps://github.com/zi3lak/wp2shell...

9.8CVSS6.7AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday29 views

wp2shell

wp2shell WordPress REST batch route-confusion blind SQL injec...

9.8CVSS5.9AI score0.08946EPSS
Exploits30
Imperva Blog
Imperva Blog
added yesterday10 views

Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core

TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...

9.8CVSS6.8AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday20 views

Exploit for CVE-2026-63030

wp2r00t - WordPress REST Batch Route-Confusion SQLi PoC A sel...

9.8CVSS6.4AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday33 views

Exploit for CVE-2026-60137

CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...

9.8CVSS6.9AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday34 views

Exploit for CVE-2026-63030

wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...

9.8CVSS6.2AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday32 views

wp2shell-go

wp2shell-go A Go port of the wp2shell PoC. It targets the una...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added yesterday36 views

wp2shell

wp2shell-check Non-intrusive checker for CVE-2026-63030 /...

9.8CVSS6AI score0.08946EPSS
Exploits30
GithubExploit
GithubExploit
added yesterday33 views

wp2shell-PoC

wp2shell — CVE-2026-63030 + CVE-2026-60137 WordPress Pre-Auth...

9.8CVSS5.9AI score0.08946EPSS
Exploits30
Nuclei
Nuclei
added yesterday72 views

Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. id: CVE-2021-24215...

10CVSS8.4AI score0.09733EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday100 views

WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting

WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Ma...

6.1CVSS5.8AI score0.17638EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday38 views

Chaty < 2.8.2 - Cross-Site Scripting

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. id: CVE-2021-25016 info: name: Chaty 2.8.2 - Cross-Site Scripting...

6.1CVSS6.2AI score0.01798EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday69 views

Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder 4.1.10 - Open Redirect...

6.1CVSS5.7AI score0.02295EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday86 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS7.5AI score0.0968EPSS
Exploits3References3
Rows per page
Query Builder