Security Intel Hub 231+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Medium
WordPress My Calendar <3.4.24 Authenticated Stored XSS Vulnerability (CVE-2024-1274)
CVE-2024-1274 · wpscan.com · 2025-11-09
My Calendar < 3.4.24
Medium
WordPress User Activity Log IP Spoofing Vulnerability (CVE-2023-4279)
CVE-2023-4279 · wpscan.com · 2025-11-09
user-activity-log < 1.6.7
Low
CVE-2023-2254 WordPress Ko-fi Button Plugin Stored XSS Vulnerability
CVE-2023-2254 · wpscan.com · 2025-11-09
Ko-fi Button < 1.3.3
High
WordPress Google Analytics Plugin Reflected XSS Vulnerability (CVE-2021-24438)
CVE-2021-24438 · wpscan.com · 2025-11-09
googleanalytics < 2.5.2
High
WordPress Quiz Maker Reflected XSS Vulnerability (CVE-2023-6166)
CVE-2023-6166 · wpscan.com · 2025-11-09
Quiz Maker < 6.4.9.5
WP Fastest Cache Unauthenticated SQL Injection (CVE-2023-6063) Analysis
wpscan.com · 2025-11-08

### Vulnerability Key Information - **Vulnerability Name**: Unauthenticated SQL Injection Vulnerability Addressed in WP Fastest Cache 1.2.2 - **Affected Plugin**: WP Fastest Cache - **Plugin URL**: - …

CVE-2024-0420: MapPress Maps for WordPress < 2.88.15 Stored XSS Vulnerability
wpscan.com · 2025-11-07

- **Vulnerability Name**: MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored…

YaySMTP < 2.2.2 Stored XSS Vulnerability (CVE-2022-2372)
wpscan.com · 2025-11-07

- **Vulnerability:** - **Title:** YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting - **CVE:** CVE-2022-2372 - **Description:** The plugin does not sanitize and escape some of its settings, allowin…

Flexi Plugin < 4.20 Reflected XSS Vulnerability (CVE-2022-0449)
wpscan.com · 2025-11-07

### Key Information **Title**: Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting **Description**: - The plugin fails to sanitize and escape various parameters before outputting certain page…

WP Mail Log < 1.1.3 Contributor+ SQL Injection (CVE-2023-5645)
wpscan.com · 2025-11-07

- **Vulnerability Name**: WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint - **Description**: The plugin fails to properly sanitize and escape parameters before using them in SQL …

Easy Contact Form Pro <1.1.1.9 Authenticated Stored XSS (CVE-2021-24168)
wpscan.com · 2025-11-07

### Key Information #### Description - **Vulnerability Type**: Authenticated Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Easy Contact Form Pro <svg/onload=alert(/XSS)` #### References - *…

Jetpack < 12.1.1 Arbitrary File Manipulation and RCE via API (CVE-2023-2996)
wpscan.com · 2025-11-07

### Vulnerability Key Information - **Vulnerability Name**: Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API - **Description**: - The plugin does not validate uploaded files, allowing us…

Icegram < 2.1.8 Contributor+ Stored XSS Vulnerability (CVE-2022-1776)
wpscan.com · 2025-11-07

### Vulnerability Information **Title:** Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting **Description:** - The plugin does not sanitize and escape certain campaign parameters, which could …

WordPress Landing Page Builder Authenticated Reflected XSS (CVE-2021-25067)
wpscan.com · 2025-11-06

## Key Information ### Vulnerability Overview - **Name**: Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS) - **Description**: This plugin is affected by reflected XS…

ArForms < 6.6 Unauthenticated RCE via File Upload Manipulation
wpscan.com · 2025-11-06

## ArForms ------------------------------231372247329806589063676810774 Content-Disposition: form-data; name="token" 72JcFplqUK ------------------------------231372247329806589063676810774-- ``` Acces…

Stored XSS in Simple SEO Plugin < 2.0.32 (CVE-2025-10357)
wpscan.com · 2025-10-14

### Key Information #### Description - **Vulnerability Type**: Stored XSS (Cross-Site Scripting) - **Affected Scope**: Simple SEO plugin versions < 2.0.32 - **Issue Description**: The plugin fails to …

OrderConvo < 14 Unauthenticated Arbitrary File Read (CVE-2025-10162)
wpscan.com · 2025-10-07

### Key Information #### Vulnerability Description - **Vulnerability Name**: OrderConvo < 14 - Unauthenticated Arbitrary File Read - **Description**: The plugin does not validate the file path to be d…

CVE-2025-9703: Stored XSS in Ultimate Addons for Elementor Lite < 2.5.0
wpscan.com · 2025-10-06

### Critical Vulnerability Information #### Description - **Vulnerability Name**: Ultimate Addons for Elementor Lite < 2.5.0 - Author+ Stored XSS - **Description**: The plugin does not sanitize SVG fi…

CVE-2025-9512: Unauthenticated Stored XSS in WordPress Plugin schema-and-structured-data-for-wp
wpscan.com · 2025-10-01

### Key Information #### Description - **Vulnerability Type**: Unauthenticated Stored-XSS - **Affected Versions**: Schema & Structured Data for WP & AMP < 1.50 #### Affected Plugin - **Plugin Name**: …

CVE-2025-5920: WordPress Sharable Password Protected Posts Unauthenticated Sensitive Data Exposure
wpscan.com · 2025-07-06

### Key Information #### Vulnerability Description - **Vulnerability Name**: Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access - **Description**: The plugin allo…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.