Vulnerabilities with Nuclei Scanner Templates

Updated 9m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,727 CVEs tracked 53,701 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,078 Nuclei templates 52,396 vendors 43,936 researchers
4,078 results Clear all
CVE-2022-0250 6.1 MEDIUM NUCLEI EPSS 0.03
Redirection for Contact Form 7 <2.5.0 - XSS
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
CWE-79 Jul 04, 2022
CVE-2022-2290 6.1 MEDIUM EXPLOITED 1 Writeup NUCLEI EPSS 0.07
Trilium < 0.52.4 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
CWE-79 Jul 03, 2022
CVE-2022-2185 9.9 CRITICAL 3 PoCs Analysis NUCLEI EPSS 0.90
GitLab <14.10.5-15.1.1 - Authenticated RCE
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
CWE-78 Jul 01, 2022
CVE-2022-1916 6.1 MEDIUM EXPLOITED NUCLEI EPSS 0.05
WooCommerce <1.0.5 - XSS
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting
CWE-79 Jun 27, 2022
CVE-2022-1904 6.1 MEDIUM NUCLEI EPSS 0.02
Pricing Tables WP Plugin <3.2.1 - XSS
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting
CWE-79 Jun 27, 2022
CVE-2022-1903 8.1 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.83
ARMember <3.4.8 - Auth Bypass
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username
CWE-862 Jun 27, 2022
CVE-2022-1574 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.73
Html2wp < 1.0.0 - Missing Authorization
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server
CWE-862 Jun 27, 2022
CVE-2022-1029 4.8 MEDIUM NUCLEI EPSS 0.00
Miniorange Limit Login Attempts < 4.0.72 - XSS
The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
CWE-79 Jun 27, 2022
CVE-2022-2174 6.1 MEDIUM 1 Writeup NUCLEI EPSS 0.28
microweber/microweber <1.2.18 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CWE-79 Jun 22, 2022
CVE-2022-2130 6.1 MEDIUM 1 Writeup NUCLEI EPSS 0.45
microweber/microweber <1.2.17 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
CWE-79 Jun 20, 2022
CVE-2022-1768 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.86
Carrcommunications Rsvpmaker < 9.3.2 - SQL Injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.
CWE-89 Jun 13, 2022
CVE-2022-1756 6.1 MEDIUM NUCLEI EPSS 0.03
Newsletter < 7.4.5 - XSS
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
CWE-79 Jun 13, 2022
CVE-2022-1724 6.1 MEDIUM NUCLEI EPSS 0.05
Simple-membership-plugin Simple Membership < 4.1.1 - XSS
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
CWE-79 Jun 13, 2022
CVE-2022-1595 5.3 MEDIUM NUCLEI EPSS 0.29
HC Custom Wp-admin Url < 1.4 - Information Disclosure
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request
CWE-200 Jun 13, 2022
CVE-2022-0885 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.66
Memberhero Member Hero < 1.0.9 - Missing Authorization
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
CWE-862 Jun 13, 2022
CVE-2022-0827 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.64
Presspage Bestbooks < 2.6.3 - SQL Injection
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CWE-89 Jun 13, 2022
CVE-2022-0786 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.67
KiviCare <2.3.9 - SQL Injection
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
CWE-89 Jun 13, 2022
CVE-2022-1598 5.3 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.32
2code Wpqa Builder < 5.4 - Missing Authentication
The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
CWE-306 Jun 08, 2022
CVE-2022-1597 6.1 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.24
2code Wpqa Builder < 5.4 - XSS
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks
CWE-79 Jun 08, 2022
CVE-2022-0788 9.8 CRITICAL NUCLEI EPSS 0.48
WP Fundraising Donation <1.5.0 - SQL Injection
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
CWE-89 Jun 08, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation