Security Intel Hub 28775+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 9.8
Seagull BarTender Unauthenticated RCE via .NET Remoting Deserialization (CVE-2026-25550)
www.vulncheck.com · 2026-06-13

### Vulnerability Overview An unauthenticated Remote Code Execution (RCE) vulnerability exists in Seagull Software BarTender versions 2010, 2016, and 2019. This vulnerability resides in the .NET Remot…

CVSS 8.2
Simply Poll <= 1.4.1 WordPress Plugin SQL Injection Vulnerability (CVE-2016-20062)
www.vulncheck.com · 2026-06-13

# Vulnerability Overview - **Vulnerability Name**: Simply Poll 1.4.1 Plugin for WordPress SQL Injection - **CVE ID**: CVE-2016-20062 - **CWE ID**: CWE-89 (Improper Neutralization of Special Elements u…

CVSS 9.8
WordPress Plugin Ad Manager WD Arbitrary File Download Vulnerability (CVE-2021-23727) with POC
www.vulncheck.com · 2026-06-13

# WordPress Plugin ad-manager-wd 1.0.11 Arbitrary File Download ## Vulnerability Overview WordPress Plugin ad-manager-wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenti…

CVSS 8.2
WordPress Car Park Booking Plugin Unauthenticated Time-based SQL Injection
www.vulncheck.com · 2026-06-13

# WordPress Car Park Booking Plugin SQL Injection via space_id ## Vulnerability Overview The WordPress Car Park Booking Plugin version dated October 13, 2017 contains a time-based SQL injection vulner…

CVSS 9.8
WordPress Insert PHP Plugin Pre-Auth Remote Code Injection via REST API (CVE-2017-20251)
www.vulncheck.com · 2026-06-13

# WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API ## Vulnerability Overview The WordPress Insert PHP plugin versions prior to 3.3.1 contain a PHP code injection vulnerability that al…

CVSS 9.8
WordPress Background Image Cropper 1.2 RCE via Unrestricted File Upload (CVE-2024-58348)
www.vulncheck.com · 2026-06-13

# WordPress Background Image Cropper 1.2 Remote Code Execution Vulnerability ## Vulnerability Overview WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability, al…

CVSS 9.8
WordPress Hybrid Composer 1.4.6 Unauthenticated Administrator Privilege Escalation via hc_ajax_save_option (CVE-2019-257
www.vulncheck.com · 2026-06-13

# WordPress Hybrid Composer 1.4.6 Unauthorized Setting Change Vulnerability ## Vulnerability Overview WordPress Hybrid Composer 1.4.6 contains an unauthorized setting change vulnerability that allows …

CVSS 8.2
WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection Vulnerability (CVE-2017-20249) Advisory
www.vulncheck.com · 2026-06-13

# WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection ## Vulnerability Overview Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject m…

CVSS 7.5
WordPress Apptha Slider Gallery 1.0 Path Traversal Vulnerability (CVE-2017-20248)
www.vulncheck.com · 2026-06-13

# WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download ## Vulnerability Overview - **CVE**: CVE-2017-20248 - **CWE**: CWE-22 Improper Limitation of a Pathname to a Restricted Direct…

CVSS 8.2
Pre-Auth Time-Based Blind SQL Injection in WordPress Google Review Slider <= 6.1 (CVE-2023-25745)
www.vulncheck.com · 2026-06-13

# WordPress Plugin Google Review Slider 6.1 SQL Injection via tid ## Vulnerability Overview WordPress Plugin Google Review Slider version 6.1 contains a time-based blind SQL injection vulnerability, w…

CVSS 7.5
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download via Path Traversal (CVE-2017-20250)
www.vulncheck.com · 2026-06-13

# WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download ## Vulnerability Overview Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to downlo…

CVSS 6.4
WordPress Stripe Payments Plugin 2.0.39 Stored XSS via currency_code (CVE-2021-47983) with POC
www.vulncheck.com · 2026-06-13

# WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code ## Vulnerability Overview WordPress Plugin Stripe Payments version 2.0.39 contains a stored Cross-Site Scripting (XSS) vulnerabil…

CVSS 7.2
WordPress Sonaar Music Plugin <= 4.7 Stored XSS (CVE-2023-54351)
www.vulncheck.com · 2026-06-13

# WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments ## Vulnerability Overview The WordPress Sonaar Music Plugin version 4.7 contains a stored cross-site scripting (XSS) vulnerability, allowing…

CVSS 9.8
WordPress Travelscape Arbitrary File Upload and RCE (CVE-2024-58349) with POC
www.vulncheck.com · 2026-06-13

# Arbitrary File Upload Vulnerability in WordPress Theme Travelscape 1.0.3 ## Vulnerability Overview WordPress Theme Travelscape version 1.0.3 contains an arbitrary file upload vulnerability. This all…

CVSS 8.2
Wow Forms WordPress Plugin 2.1 SQL Injection Vulnerability (CVE-2017-20244)
www.vulncheck.com · 2026-06-13

# Wow Forms WordPress Plugin 2.1 SQL Injection ## Vulnerability Overview Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability, allowing unauthenticated attackers to read arbi…

CVSS 5.4
Persistent XSS in WordPress Zoner Real Estate Theme <= 4.1.1 (CVE-2019-25742)
www.vulncheck.com · 2026-06-13

# Persistent XSS Vulnerability in WordPress Theme Zoner Real Estate 4.1.1 ## Vulnerability Overview WordPress theme Zoner Real Estate version 4.1.1 contains a persistent Cross-Site Scripting (XSS) vul…

CVSS 8.2
Wow Viral Signups WordPress Plugin SQL Injection Vulnerability (CVE-2017-20245)
www.vulncheck.com · 2026-06-13

# Wow Viral Signups 2.1 WordPress Plugin SQL Injection ## Vulnerability Overview The Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attacker…

CVSS 5.3
MapPress Maps for WordPress <= 2.96.6 Unauthenticated IDOR via REST API (CVE-2026-8839)
www.wordfence.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: MapPress Maps for WordPress "__return_true"`, while write endpoints (POST update, DELETE, PATCH, mutate, POST clone, POST empty/delete) only check …

CVSS 6.4
WP GDPR Cookie Consent Stored XSS via 'ninja_gdpr_ajax_actions' (CVE-2026-8977)
www.wordfence.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action - **Vulnerabili…

CVSS 8.1
UpdraftPlus Plugin Unauth Auth Bypass to RCE (CVE-2026-10795)
www.wordfence.com · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 (free) < 2.26.5 (premium) - Unauthenticated Authentication Bypass via UpdraftCentral udrcp - **…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
