Vulnerabilities with Nuclei Scanner Templates

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,544 CVEs tracked 53,640 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,344 vendors 43,890 researchers
4,077 results Clear all
CVE-2021-25008 6.1 MEDIUM NUCLEI EPSS 0.03
Code Snippets WP <2.14.3 - XSS
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue
CWE-79 Jan 24, 2022
CVE-2021-25067 5.4 MEDIUM NUCLEI EPSS 0.08
Landing Page Builder <1.4.9.6 - XSS
The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.
CWE-79 Jan 17, 2022
CVE-2021-25065 5.4 MEDIUM NUCLEI EPSS 0.03
Smash Balloon Social Post Feed <4.1.1 - XSS
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
CWE-79 Jan 17, 2022
CVE-2021-24838 6.1 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.02
AnyComment WordPress <0.3.5 - Open Redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
CWE-601 Jan 17, 2022
CVE-2021-25052 8.8 HIGH NUCLEI EPSS 0.42
Button Generator <2.3.3 - CSRF RCE
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
CWE-352 Jan 10, 2022
CVE-2021-25032 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.82
PublishPress Capabilities <2.3.1 - CSRF
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.
CWE-862 Jan 10, 2022
CVE-2021-24862 7.2 HIGH 2 PoCs Analysis NUCLEI EPSS 0.35
Wordpress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CWE-89 Jan 10, 2022
CVE-2021-25016 6.1 MEDIUM NUCLEI EPSS 0.16
Chaty <2.8.3-2.8.2 - XSS
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
CWE-79 Jan 03, 2022
CVE-2021-24991 4.8 MEDIUM NUCLEI EPSS 0.03
WooCommerce PDF Invoices & Packing Slips <2.10.5 - XSS
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
CWE-79 Jan 03, 2022
CVE-2021-24786 7.2 HIGH 1 PoC Analysis NUCLEI EPSS 0.02
WordPress Download Monitor <4.4.5 - SQL Injection
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
CWE-89 Jan 03, 2022
CVE-2021-20167 8.0 HIGH EXPLOITED NUCLEI EPSS 0.79
Netgear Rax43 Firmware - Command Injection
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
CWE-77 Dec 30, 2021
CVE-2021-20158 9.8 CRITICAL NUCLEI EPSS 0.80
Trendnet Tew-827dru Firmware - Missing Authentication
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.
CWE-306 Dec 30, 2021
CVE-2021-20150 5.3 MEDIUM NUCLEI EPSS 0.35
Trendnet Tew-827dru Firmware - Missing Authentication
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
CWE-306 Dec 30, 2021
CVE-2021-24997 6.5 MEDIUM 1 Writeup NUCLEI EPSS 0.05
WP Guppy WordPress <1.3 - Info Disclosure
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
CWE-862 Dec 27, 2021
CVE-2021-24979 6.1 MEDIUM NUCLEI EPSS 0.03
Paid Memberships Pro <2.6.6 - XSS
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CWE-79 Dec 27, 2021
CVE-2021-21881 9.9 CRITICAL EXPLOITED NUCLEI EPSS 0.92
Lantronix Premierwave 2050 Firmware - OS Command Injection
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CWE-78 Dec 22, 2021
CVE-2021-24956 6.1 MEDIUM NUCLEI EPSS 0.02
Blog2Social <6.8.7 - XSS
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
CWE-79 Dec 21, 2021
CVE-2021-24849 9.8 CRITICAL NUCLEI EPSS 0.75
WCFM Marketplace <3.4.12 - SQL Injection
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
CWE-89 Dec 21, 2021
CVE-2021-24750 8.8 HIGH EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.70
WP Visitor Statistics <4.8 - SQL Injection
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
CWE-89 Dec 21, 2021
CVE-2021-22054 7.5 HIGH KEV 1 PoC Analysis NUCLEI EPSS 0.94
Vmware Workspace One Uem Console < 20.0.8.36 - SSRF
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
CWE-918 Dec 17, 2021

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation