Security Intel Hub 29728+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.2
fv-wordpress-flowplayer preg_replace RCE vulnerability advisory (CVE-XXXX)
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability involves the `controller/frontend.php` file in the `fv-wordpress-flowplayer` plugin. It allows attackers to execute arbitrary code by crafting malicious c…

CVSS 8.8
events-for-geodirectory WordPress Plugin Input Validation Vulnerability Analysis and Fix
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability affects multiple files within the `events-for-geodirectory` plugin. The primary issue is insufficient validation and sanitization of input data, which cou…

CVSS 4.4
wp-google-map-plugin CSS Injection Vulnerability Advisory
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability involves the `wp-google-map-plugin` plugin, specifically within the `assets/css/wpgmss_all_backend.css` file. The vulnerability type is CSS Injection, whi…

CVSS 6.4
EmbedPress Plugin Multiple File Vulnerability Advisory (v4.5.4-v4.5.4.4)
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: embedpress plugin vulnerability - **Vulnerability Description**: This vulnerability involves multiple files within the `embedpress` plugin; however…

CVSS 4.3
feedzy-rss-feeds Privilege Escalation Vulnerability Fix and Patch Analysis
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability affects multiple files within the `feedzy-rss-feeds` plugin. The core issues lie in insufficient permission checks and inadequate input validation. Attack…

CVSS 4.3
WordPress page-list Plugin Unauthorized Content Disclosure Vulnerability and Patch
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability pertains to a security issue in the WordPress plugin `page-list`, specifically an unauthorized content disclosure flaw. Attackers can exploit modified sho…

CVSS 4.9
optinCraft plugin v1.2.1 vulnerability patch
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: optinCraft Plugin Update - **Timest…

CVSS 4.4
WordPress quick-playground plugin file upload vulnerability fix
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview - **Vulnerability Type**: Security Vulnerability - **Affected Component**: quick-playground plugin - **Remediation**: Update the plugin version ### Scope of Impact - **Affec…

CVSS 5.3
WordPress plugin event-monster v2.1.1 patches CSRF, SQLi, and SSRF vulnerabilities
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview The provided screenshot displays the changelog for the WordPress plugin "event-monster." In version 2.1.1, several security vulnerabilities were resolved, including: 1. **Cr…

CVSS 7.5
WordPress wp-user-manager Plugin Path Traversal Vulnerability Fix Analysis
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability affects multiple files within the WordPress plugin `wp-user-manager`. The core issue lies in insufficient input validation, which can lead to Path Travers…

CVSS 4.3
KLAMRA PayCal for ASPAClaria Plugin Insecure Direct Object Reference Fix
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview - **Vulnerability ID**: 3555026 - **Plugin Name**: klamra-paycal-for-aspaclaria - **Author**: klamra22 - **Release Date**: May 30, 2026, 09:20:05 PM (13 days ago) - **Vulner…

CVSS 5.3
WPForms PayPal Commerce Webhook Signature Verification Fix
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability involves code changes in the `wpforms-lite/trunk/src/Integrations/PayPalCommerce/Api/WebhookRoute.php` file. The core issue lies in a flaw in the webhook …

CVSS 6.4
Presto Player 4.2.1 Patch: Fixes Shortcode Handling in Shortcodes.php
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview - **Description**: A change was introduced in `presto-player/trunk/inc/Services/Shortcodes.php` upon updating to version 4.2.1. - **Timestamp**: May 29, 2026, 09:31:03 AM (2…

CVSS 9.8
hippoo plugin 1.9.5 security update fixes permission validation issues
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: hippoo plugin version update - **Vulnerability Description**: Update to version 1.9.5, which fixes multiple security issues. ### Affected Scope - *…

CVSS 4.3
WordPress plugin charitable BOLA vulnerability analysis and fix
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability affects the `class-charitable-profile-form.php` file within the WordPress plugin `charitable`. The specific issue lies in the handling of user avatar uplo…

CVSS 8.1
UpdraftPlus Plugin Message Signature Verification Bypass via Misused RSA Keys
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview This vulnerability concerns the `class-udrp-c.php` file within the `updraftplus` plugin. The specific issue is that the RSA key pair (one for encryption, the other for decry…

CVSS 6.4
WordPress accordions plugin Pre-Auth Stored XSS via Accordion Body Field fix analysis
plugins.trac.wordpress.org · 2026-06-13

### Vulnerability Overview The screenshot depicts the update log for a WordPress plugin, which mentions the fix for a security vulnerability. The specific vulnerability is an “Authenticated (Custom) S…

Linux Kernel io_uring Arbitrary Kernel Memory Read Vulnerability (CVE-2026-49073) with POC
project-zero.issues.chromium.org · 2026-06-13

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-49073 - **Vulnerability Type**: Kernel Memory Read Vulnerability - **Vulnerability Description**: In `io_uring`, there are three code paths …

Waves Central Local Privilege Escalation via DYLIB Injection and XPC PID Reuse (CVE-2026-24064/24065)
r.sec-consult.com · 2026-06-13

### Vulnerability Overview Waves Central contains several local privilege escalation vulnerabilities, specifically: 1. **Local Privilege Escalation via DYLIB Injection (CVE-2026-24064)** - During inst…

CVE-2026-24066/24067: Local Privilege Escalation in Slate Digital Connect (macOS) with POC
r.sec-consult.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: Local Privilege Escalation in Slate Digital Connect (macOS) - **CVE IDs**: CVE-2026-24066, CVE-2026-24067 - **Affected Versions**: Slate Digital Co…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
