Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 15.562 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 169 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 15.420

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
Protect WP Admin < 4.0 - Unauthenticated Protection Bypass CVE-2023-3139	Network Scanner	Sep 16, 2025	Medium(6.1)	0.01	0.27	No
User Profile Picture < 2.5.0 - Sensitive Information Disclosure CVE-2021-24170	Network Scanner	Sep 16, 2025	High(7.5)	0.01	0.68	No
WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting CVE-2019-9881	Network Scanner	Sep 16, 2025	Medium(5.3)	0.22	0.96	No
WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation CVE-2024-4898	Network Scanner	Sep 16, 2025	Critical(9.8)	0.5	0.98	No
WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via `log` Parameter CVE-2020-27615	Network Scanner	Sep 16, 2025	Critical(9.8)	0.61	0.99	No
MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution CVE-2025-49596	Network Scanner	Sep 16, 2025	Critical	0.01	0.54	No
Flowise Installation Wizard - Exposure	Network Scanner	Sep 16, 2025	High	N/A	N/A	No
Images to WebP < 1.9 - Authenticated Local File Inclusion CVE-2021-24644	Network Scanner	Sep 16, 2025	High(7.5)	0.01	0.75	No
XXL-JOB v2.2.0 — Stored Cross Site Scripting CVE-2020-23814	Network Scanner	Sep 16, 2025	Medium(6.1)	0.01	0.62	No
WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS CVE-2023-6000	Network Scanner	Sep 16, 2025	Medium(6.1)	0.11	0.93	No
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint CVE-2020-11515	Network Scanner	Sep 16, 2025	Medium(6.1)	0.01	0.63	No
WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload CVE-2014-8739	Network Scanner	Sep 16, 2025	Critical(9.8)	0.79	1	No
WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection CVE-2023-0037	Network Scanner	Sep 16, 2025	Critical(9.8)	0.01	0.68	No
Flowise <= 3.0.5 - Account Takeover CVE-2025-58434	Network Scanner	Sep 16, 2025	Critical(9.8)	0.01	0.2	No
Acronis Cyber Infrastructure - Default Password CVE-2023-45249	Network Scanner	Sep 16, 2025	Critical(9.8)	0.77	0.99	No
WordPress FluentForms <= 5.1.16 - Broken Access Control CVE-2024-2782	Network Scanner	Sep 16, 2025	High(7.5)	0.01	0.69	No
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting CVE-2021-24876	Network Scanner	Sep 16, 2025	Medium(6.1)	0.01	0.44	No
Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint CVE-2020-11514	Network Scanner	Sep 16, 2025	Critical(9.8)	0.05	0.89	No
Microsoft FrontPage Configuration - Exposure	Network Scanner	Sep 15, 2025	Low	N/A	N/A	No
GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection CVE-2024-8353	Network Scanner	Sep 15, 2025	Critical(10)	0.69	0.99	No
OpenMetadata - Admin User Enumeration	Network Scanner	Sep 15, 2025	Medium	N/A	N/A	No
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation CVE-2025-3605	Network Scanner	Sep 13, 2025	Critical(9.8)	0.33	0.97	No
Phoenix Contact CHARX SEC-3XXX AC Controller < 1.7.3 - Multiple Vulnerabilities	Network Scanner	Sep 12, 2025	Critical	N/A	N/A	No
Fortinet SSL-VPN - Heap-Based Buffer Overflow CVE-2022-42475	Network Scanner	Sep 12, 2025	Critical(9.8)	0.95	1	No
Memos 0.13.2 - Server-Side Request Forgery CVE-2024-29030	Network Scanner	Sep 12, 2025	Medium(6.1)	0.08	0.92	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies.

48,000+ security folks are here. Are you?

More than demos - real faces, real insight.

Security leaders trust what they can prove