Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.123 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 177 exploit modules in Sniper to validate the risk level of critical CVEs.

Name	Detectable with	Detection added	Severity	Exploitable with Sniper
Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution CVE-2025-13486	Network Scanner	Dec 15, 2025	Critical(9.8)	No
WordPress Coming Soon Page - Full Path Disclosure	Network Scanner	Dec 15, 2025	N/A	No
WordPress Astra - Full Path Disclosure	Network Scanner	Dec 15, 2025	N/A	No
Ambassador API Gateway Diagnostics - Exposure	Network Scanner	Dec 15, 2025	N/A	No
WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution CVE-2017-18580	Network Scanner	Dec 15, 2025	High(8.8)	No
Limit Login Attempts - Stored Cross-Site Scripting CVE-2022-1029	Network Scanner	Dec 15, 2025	Medium(4.8)	No
WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure	Network Scanner	Dec 15, 2025	N/A	No
WordPress Plugin Max Mega Menu (megamenu) - Full Path Disclosure	Network Scanner	Dec 15, 2025	N/A	No
WordPress WP-PageNavi - Full Path Disclosure	Network Scanner	Dec 15, 2025	N/A	No
WordPress All in One SEO Pack - Full Path Disclosure	Network Scanner	Dec 14, 2025	N/A	No
WordPress ManageWP Worker - Full Path Disclosure	Network Scanner	Dec 13, 2025	N/A	No
Advanced Custom Fields (ACF) - Full Path Disclosure	Network Scanner	Dec 13, 2025	N/A	No
WordPress Plugin Google Tag Manager - Full Path Disclosure	Network Scanner	Dec 13, 2025	N/A	No
WordPress Plugin Newsletter - Full Path Disclosure	Network Scanner	Dec 13, 2025	N/A	No
WordPress Plugin reCaptcha by BestWebSoft (google-captcha) - Full Path Disclosure	Network Scanner	Dec 13, 2025	N/A	No
Limit Login Attempts WordPress - Stored Cross-site Scripting CVE-2021-24657	Network Scanner	Dec 13, 2025	Medium(6.1)	No
React Server Components - Denial of Service CVE-2025-55184	Network Scanner	Dec 13, 2025	High(7.5)	No
WordPress Plugin SG Optimizer - Full Path Disclosure	Network Scanner	Dec 13, 2025	N/A	No
WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure	Network Scanner	Dec 12, 2025	N/A	No
WordPress Easy Google Fonts - Error Log Disclosure	Network Scanner	Dec 12, 2025	N/A	No
.buildpath - File Disclosure	Network Scanner	Dec 12, 2025	N/A	No
WordPress Importer - Error Log Disclosure	Network Scanner	Dec 12, 2025	N/A	No
XWiki - Information Disclosure CVE-2025-55749	Network Scanner	Dec 12, 2025	High(7.5)	No
Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution CVE-2025-34299	Network Scanner	Dec 12, 2025	Critical(9.8)	No
Nexus Repository Manager - Anonymous Access Enabled	Network Scanner	Dec 11, 2025	N/A	No