Security Intel Hub 231+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Stored XSS in WordPress Plugin PVN Auth Popup (CVE-2024-6713)
wpscan.com · 2025-05-17

## Critical Vulnerability Information ### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: PVN Auth Popup alert(1)` 3. Save and observe the XSS effect. - …

Stored XSS in Podlove Podcast Publisher <4.1.24 (CVE-2024-13729)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Admin+ Stored XSS - **Affected Plugin**: Podlove Podcast Publisher ` 5. Save and observe the XSS execution. #### Affec…

Stored XSS in WordPress CP Polls Plugin (CVE-2024-8851)
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Versions**: Polls CP select any default-generated poll ID. 2. Go to Settings > Vote Button…

Stored XSS in WordPress Clicksold IDX Plugin <= 1.90 (CVE-2024-7769)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: XSS (Cross-Site Scripting) - **Affected Plugin**: WordPress Clicksold IDX Plugin alert(document.cookie)` 3. Save the s…

WordPress Event Calendar <= 1.0.4 Stored XSS Vulnerability (CVE-2024-8701)
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: Event Calendar Calendar Manager" 2. Add a new calendar and enter `">alert(2)` in the calendar name field 3. Save and view t…

WordPress Z-Downloads Stored XSS via SVG Upload (CVE-2024-8673)
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: Z-Downloads < 1.11.7 - Admin+ Stored XSS via SVG Upload - **Description**: The plugin does not properly validate uploaded f…

CVE-2024-8094: Ntz Antispam Plugin CSRF Vulnerability
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: CSRF (Cross-Site Request Forgery) - **Affected Plugin**: Ntz Antispam <= 2.0e - **Issue**: The plugin does not perform…

Stored XSS in WordPress Pagelayer Plugin < 1.9.0 (CVE-2024-8618)
wpscan.com · 2025-05-17

## Critical Vulnerability Information ### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Page Builder: Pagelayer alert(99)` 4. Send the request and obse…

WordPress Z-Downloads Arbitrary File Upload Vulnerability (CVE-2024-8699)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Name**: Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload - **Description**: The plugin fails to properly validate uploaded …

Stored XSS in WordPress cp-polls Plugin (CVE-2024-8854)
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Versions**: Polls CP alert(999)` 3. On any page containing the poll, an XSS alert will pop…

WordPress Ajax Search Lite Stored XSS Vulnerability (CVE-2024-8619)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Vulnerability Name Ajax Search Lite <= 4.12.2 - Admin+ Stored XSS #### Description The plugin does not properly sanitize and escape certain settings, allowi…

CVE-2024-8670: Stored XSS in 10Web Photo Gallery < 1.8.29
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Vulnerability Description - **Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Photo Gallery by 10Web < 1.8.29 - **Issue**: The plugin does …

WordPress Plugin Custom Author Base CSRF Vulnerability (CVE-2024-8050)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: CSRF (Cross-Site Request Forgery) - **Affected Plugin**: Custom Author Base <= 1.1.1 - **Issue**: The plugin does not …

Stored XSS in WordPress Countdown Timer Plugin (CVE-2024-10631)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin Versions**: Countdown Timer On Date Expiry > Expire Type", selec…

Stored XSS in WordPress Plugin tarteaucitron-wp (CVE-2024-11718)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Author+ Stored XSS - **Affected Plugin**: tarteaucitron.js for WordPress ` 3. Click the "Allow" button to observe the …

WordPress If-So Plugin Stored XSS Vulnerability (CVE-2024-5440) Advisory
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: If-So Dynamic Content Personalization < 1.8.0.3 - Contributor+ Shortcode Stored XSS - **Description**: The plugin fails to …

Stored XSS in WordPress Plugin Full Screen Background Image Slideshow (CVE-2024-11221)
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Versions**: Full Screen (Page) Background Image Slideshow alert(95)` 3. Save and observe t…

Stored XSS in WordPress Plugin jwp-a11y (CVE-2024-11190)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored XSS (Cross-Site Scripting) - **Affected Plugin**: jwp-a11y alert(document.cookie)` and update the settings. 3. …

Stored XSS in WordPress Plugin ARSocial < 1.4.2 (CVE-2024-11189)
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Versions**: Social Share And Social Locker – ARSocial alert(2)` for the Facebook App ID 3.…

Jetpack <13.8 Unauthenticated Arbitrary Block & Shortcode Execution (CVE-2024-10075)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Vulnerability Description - **Name**: Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution - **Description**: The plugin does not ensure t…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
