Security Intel Hub 231+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-4955: Stored XSS in tarteaucitronjs < 1.9.5
wpscan.com · 2025-07-06

### Key Information #### Description - **Vulnerability Type**: Stored Cross-site Scripting (XSS) - **Affected Versions**: tarteaucitron.io < 1.9.5 - **Issue Description**: The plugin uses query parame…

WordPress Newsletter Plugin <8.8.5 Stored XSS Vulnerability (CVE-2025-3582)
wpscan.com · 2025-06-10

### Key Information #### Vulnerability Description - **Vulnerability Name**: Newsletter < 8.8.5 - Admin+ Stored XSS via Form - **Description**: The plugin does not properly sanitize and escape certain…

WordPress LogDash Activity Log SQL Injection Vulnerability (CVE-2023-6030) Analysis
wpscan.com · 2025-05-17

## Critical Vulnerability Information ### Description - **Vulnerability Type**: SQL Injection (SQLi) - **Affected Plugin**: LogDash Activity Log < 1.1.4 - **CVE ID**: CVE-2023-6030 - **CVSS Score**: 8…

WordPress Plugin TwitterPosts CSRF Vulnerability (CVE-2023-7297)
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: TwitterPosts <= 1.0.2 - Settings Update via CSRF - **Description**: The plugin does not perform CSRF checks when updating s…

CVE-2023-6786: Unauthenticated Open Redirect in Payment Gateway for Telcell < 2.0.4
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: Payment Gateway for Telcell < 2.0.4 - Unauthenticated Open Redirect - **Description**: The plugin does not validate the `ap…

Stored XSS in WordPress Plugin svg-uploads-support (CVE-2023-7086)
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored XSS (via SVG file) - **Affected Versions**: SVG Uploads Support alert("xss"); ``` - **Steps to Reproduce**: Directly access the up…

Stored XSS in WordPress Top Comments Plugin (CVE-2024-12874)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Top Comments alert("cursedwashere")` 3. Click Save Settings. …

Stored XSS in WordPress WPBot Plugin (CVE-2025-0329) with PoC
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: AI ChatBot for WordPress - WPBot ` 3. Save the settings 4. Op…

Stored XSS in WooCommerce Getnet Plugin < 1.8.1 (CVE-2025-1289)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored XSS - **Affected Plugin**: Plugin Oficial – Getnet para WooCommerce alert(1)` 3. Save and observe XSS execution…

WordPress Plugin My Sticky Bar Stored XSS Vulnerability (CVE-2024-2643)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Vulnerability Title My Sticky Bar < 2.6.8 - Admin+ Stored XSS #### Description The plugin does not sanitize and escape certain settings, which may allow use…

WordPress Plugin Badgearoo Stored XSS Vulnerability (CVE-2025-1033) with PoC
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Admin+ Stored XSS - **Affected Plugin**: Badgearoo alert(/XSS: broo_email_settings[broo_assignment_moderators]/)` 3. S…

Reflected XSS in WordPress Plugin AffiliateImporterEb (CVE-2024-12733)
wpscan.com · 2025-05-17

## Critical Vulnerability Information ### Description - **Vulnerability Type**: Reflected Cross-Site Scripting (XSS) - **Affected Plugin**: AffiliateImporterEb alert(1)%3C/script> ``` ### Affected Plu…

WordPress Plugin Advance Post Prefix Reflected XSS Vulnerability (CVE-2024-12734)
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Reflected Cross-Site Scripting (XSS) - **Cause**: The plugin does not properly sanitize and escape parameters before outputting them to t…

Stored XSS in WordPress Event Tickets Plugin (CVE-2024-6711)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Admin+ Stored XSS - **Affected Plugin**: Event Tickets with Ticket Scanner Test injectionalert(2)`. 3. Click “OK”, the…

CVE-2024-12732: Reflected XSS in WordPress Plugin AffiliateImporterEb
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Reflected Cross-Site Scripting (XSS) - **Affected Versions**: AffiliateImporterEb <= 1.0.6 - **Issue Description**: Th…

WordPress ClipArt Reflected XSS Vulnerability (CVE-2024-12726) with PoC
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Reflected Cross-Site Scripting (XSS) - **Affected Versions**: ClipArt alert(1)=1 ``` #### Affected Plugin - **Plugin N…

WordPress Competition Form CSRF Vulnerability (CVE-2024-12750)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: CSRF (Cross-Site Request Forgery) - **Affected Plugin**: Competition Form <= 2.0 - **Issue Description**: The plugin d…

WP Ulike < 4.7.6 Admin Stored XSS Vulnerability (CVE-2024-12770)
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: WP Ulike < 4.7.6 - Admin+ Stored XSS - **Description**: The plugin fails to sanitize and escape certain settings, allowing …

CVE-2024-13621: Stored XSS in Data443 GDPR Framework < 2.2.0
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Versions**: The GDPR Framework By Data443 ` in the "Cookie Acceptance Popup header" or "Co…

CVE-2024-6462: Stored XSS in WordPress DL Yandex Metrika Plugin
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Admin+ Stored XSS - **Affected Plugin**: DL Yandex Metrika alert(2)` 3. Save and observe the XSS effect. #### Affected…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.