Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 231+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
High
Unauthenticated Arbitrary SQL Execution in WordPress Tax Service Electronic HDM Plugin (CVE-2025-12061)
CVE-2025-12061 · wpscan.com · 2025-11-26
Tax Service Electronic HDM < 1.2.1
Read more
Low
WordPress youforms-free-for-copecart XSS Vulnerability (CVE-2021-24596)
CVE-2021-24596 · wpscan.com · 2025-11-20
youforms-free-for-copecart <= 1.0.5
Read more
High
LearnPress File Upload and Path Traversal Vulnerability Analysis
github.com · 2025-11-19
LearnPress <= 4.1.4.2
Read more
High
WavePlayer < 3.8.0 Unauthenticated Arbitrary File Upload RCE (CVE-2025-12057)
CVE-2025-12057 · wpscan.com · 2025-11-19
WavePlayer < 3.8.0
Read more
Medium
NEX-Forms < 7.9.7 Authenticated SQL Injection (CVE-2022-3142)
CVE-2022-3142 · wpscan.com · 2025-11-14
NEX-Forms < 7.9.7
Read more
Medium
WordPress IP2Location Country Blocker Arbitrary Country Ban via Broken Access Control (CVE-2021-25095)
CVE-2021-25095 · wpscan.com · 2025-11-14
ip2location-country-blocker < 2.26.5
Read more
Medium
CVE-2021-24906: Unauthenticated Plugin Deactivation in Protect WP Admin < 3.6.2
CVE-2021-24906 · wpscan.com · 2025-11-13
protect-wp-admin < 3.6.2
Read more
Medium
Stored XSS in WordPress WP Photo Album Plus < 8.0.10 (CVE-2021-25115)
CVE-2021-25115 · wpscan.com · 2025-11-13
WP Photo Album Plus < 8.0.10
Read more
High
WordPress Supportboard Plugin CSRF Arbitrary File Deletion (CVE-2021-24823)
CVE-2021-24823 · wpscan.com · 2025-11-12
Support Board < 3.3.6
Read more
High
ProfileGrid <5.3.1 Unauthenticated Arbitrary Password Reset (CVE-2023-0940)
CVE-2023-0940 · wpscan.com · 2025-11-11
profilegrid-user-profiles-groups-and-communities < 5.3.1
Read more
High
WordPress Plugin wp-login-control Reflected XSS Vulnerability (CVE-2024-13836)
CVE-2024-13836 · wpscan.com · 2025-11-11
wp-login-control <= 2.0.0
Read more
Medium
WordPress ActivityPub Plugin <1.0.0 Stored XSS Vulnerability (CVE-2023-5057)
CVE-2023-5057 · wpscan.com · 2025-11-11
ActivityPub for WordPress < 1.0.0
Read more
Low
CVE-2024-12769: Stored XSS in simple-banner WordPress Plugin
CVE-2024-12769 · wpscan.com · 2025-11-10
Simple Banner < 3.0.4
Read more
High
WordPress BackWPup Directory Traversal Sensitive Data Disclosure (CVE-2023-7164)
CVE-2023-7164 · wpscan.com · 2025-11-10
BackWPup < 4.0.4
Read more
High
WPB Show Core < 2.6 Reflected XSS Vulnerability (CVE-2024-1292)
CVE-2024-1292 · wpscan.com · 2025-11-10
wpb-show-core < 2.6
Read more
Critical
WordPress Sitemap by click5 < 1.0.36 Unauthenticated Arbitrary Options Update (CVE-2022-0952)
CVE-2022-0952 · wpscan.com · 2025-11-10
sitemap-by-click5 < 1.0.36
Read more
Medium
Hotscot Contact Form < 1.3 SQL Injection Vulnerability (CVE-2021-24777)
CVE-2021-24777 · wpscan.com · 2025-11-10
Hotscot Contact Form < 1.3
Read more
High
WordPress Pie Register Reflected XSS Vulnerability (CVE-2021-24239)
CVE-2021-24239 · wpscan.com · 2025-11-09
Pie Register < 3.7.0.1
Read more
Critical
WooCommerce Return Refund and Exchange < 4.0.9 Unauthenticated Arbitrary File Upload to RCE (CVE-2022-4047)
CVE-2022-4047 · wpscan.com · 2025-11-09
WooCommerce Return Refund and Exchange For Plugin < 4.0.9
Read more
High
Unauthenticated SQL Injection in Registrations for the Events Calendar < 2.7.6 (CVE-2021-24943)
CVE-2021-24943 · wpscan.com · 2025-11-09
registrations-for-the-events-calendar < 2.7.6
Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.