Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.635 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 179 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Is exploitable with Sniper

Is in CISA catalog

Detectable with

Displaying 1 - 25 results out of 16.493

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	CVSSv3	EPSS Score	EPSS Percentile	Exploitable with Sniper
WordPress WPML Multilingual CMS < 4.6.1 - Cross-Site Scripting	Network Scanner	Feb 13, 2026	High	N/A	N/A	No
12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure CVE-2025-24582	Network Scanner	Feb 13, 2026	Medium(5.3)	0.01	0.33	No
ZimaOS - Authentication Bypass CVE-2026-21891	Network Scanner	Feb 13, 2026	Critical(9.4)	0.01	0.19	No
Quiz and Survey Master <= 8.1.4 - SQL Injection CVE-2023-28787	Network Scanner	Feb 13, 2026	High(8.6)	0.01	0.35	No
WordPress Download Manager <= 3.2.59 - Reflected XSS CVE-2022-45836	Network Scanner	Feb 12, 2026	High(7.1)	0.01	0.32	No
Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting CVE-2024-12638	Network Scanner	Feb 12, 2026	High(7.1)	0.01	0.77	No
SweetRice CMS 1.5.1 - Backup Disclosure	Network Scanner	Feb 12, 2026	Medium	N/A	N/A	No
WordPress Front End Users - Reflected XSS CVE-2024-13569	Network Scanner	Feb 12, 2026	High(7.1)	0.01	0.7	No
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting CVE-2024-13221	Network Scanner	Feb 12, 2026	Medium(6.1)	0.02	0.82	No
ChanCMS <= 3.1. - Remote Code Execution CVE-2025-8266	Network Scanner	Feb 12, 2026	Critical(6.3)	0.01	0.41	No
Pinger 1.0 - Remote Code Execution CVE-2020-37123	Network Scanner	Feb 12, 2026	Critical(9.8)	0.16	0.95	No
Privacy Policy Genius - Cross-Site Scripting CVE-2024-13219	Network Scanner	Feb 12, 2026	Medium(6.1)	0.01	0.71	No
Post Sync Plugin <= 1.1 - Cross-Site Scripting CVE-2024-13634	Network Scanner	Feb 12, 2026	Medium(6.1)	0.03	0.86	No
WordPress Realtyna Organic IDX Plugin <= 4.14.4 - Unauthenticated SQL Injection CVE-2024-32128	Network Scanner	Feb 12, 2026	Critical(9.3)	0.18	0.95	No
ICTBroadcast - Command Injection CVE-2025-2611	Network Scanner	Feb 12, 2026	Critical(9.8)	0.73	0.99	No
Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting CVE-2024-13055	Network Scanner	Feb 12, 2026	High(7.1)	0.02	0.84	No
WordPress GamiPress <= 2.5.7 - SQL Injection CVE-2023-24000	Network Scanner	Feb 12, 2026	Critical(9.8)	0.01	0.55	No
Studiocart <= 2.9.0 - Cross-Site Scripting CVE-2024-14015	Network Scanner	Feb 12, 2026	Medium(7.1)	0.05	0.89	No
NUUO Camera <=20250203 - OS Command Injection CVE-2025-1338	Network Scanner	Feb 12, 2026	Critical(7.3)	0.03	0.86	No
Lazy Blocks <= 3.8.2 - Cross-Site Scripting CVE-2024-12878	Network Scanner	Feb 12, 2026	Medium(7.1)	0.03	0.85	No
Sangfor OSM - Arbitrary File Upload CVE-2025-15503	Network Scanner	Feb 12, 2026	Critical(7.3)	0.01	0.14	No
WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting CVE-2024-13570	Network Scanner	Feb 12, 2026	Medium(6.1)	0.01	0.69	No
WP Projects Portfolio <= 3.0 - Cross-Site Scripting CVE-2024-13114	Network Scanner	Feb 12, 2026	Medium(6.1)	0.03	0.84	No
Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS CVE-2026-25892	Network Scanner	Feb 12, 2026	High(7.5)	0.01	0.77	No
WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting CVE-2024-12749	Network Scanner	Feb 12, 2026	High(7.1)	0.01	0.77	No

Vulnerability & Exploit Database

One of EMEA's fastest-growing tech companies.

50,000+ security folks are here. Are you?

More than demos - real faces, real insight.

Security leaders trust what they can prove