Security Intel Hub 231+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Stored XSS in WordPress Auto Prune Posts Plugin (CVE-2024-10639)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Auto Prune Posts alert(8888)` 3. Save and observe the XSS ale…

Happyforms <1.26.3 Stored XSS Vulnerability (CVE-2024-10054)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Happyforms alert(2)'` 3. Add the form to a page or post. 4. W…

CVE-2024-10475: Lead Form Builder < 1.9.8 Stored XSS Vulnerability
wpscan.com · 2025-05-17

### Key Information #### Vulnerability Description - **Vulnerability Name**: Lead Form Builder < 1.9.8 - Admin+ Stored XSS - **Description**: The plugin does not sanitize or escape certain settings, a…

WordPress AVIF & SVG Uploader Stored XSS Vulnerability (CVE-2024-9238)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: XSS (Cross-Site Scripting) - **Affected Plugin**: AVIF & SVG Uploader <= 1.1.0 - **Issue**: The plugin does not saniti…

CVE-2024-9765: EKC Tournament Manager Arbitrary File Download Vulnerability
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Admin+ Arbitrary File Download - **Affected Plugin**: EKC Tournament Manager < 2.2.2 - **Description**: This plugin al…

CVE-2024-9662: Stored XSS in CYAN Backup < 2.5.3
wpscan.com · 2025-05-17

### Key Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Versions**: CYAN Backup alert('XSS: excluded!')` 3. Save and reload the page to observe th…

WordPress Plugin website-file-changes-monitor SQL Injection Vulnerability (CVE-2024-9879)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Issue**: The plugin does not properly sanitize and escape parameters before use, leading to SQL injection attacks. - **Impact**: Administrat…

Stored XSS in WordPress Plugin Ultimate Noindex Nofollow Tool II (CVE-2024-1663)
wpscan.com · 2025-05-17

### Critical Vulnerability Information #### Description - **Vulnerability Type**: Stored Cross-Site Scripting (XSS) - **Affected Plugin**: Ultimate Noindex Nofollow Tool II Ultimate Noindex” 2. Add th…

WordPress wp-geshi-highlight Plugin CVE-2024-13896 ReDoS Vulnerability Advisory
wpscan.com · 2025-04-13

### Key Information #### Vulnerability Description - **Vulnerability Name**: WP-Geshi-Highlight ', 20000)`). 3. Publish a new post containing the payload as an administrator. 4. Monitor server CPU usa…

CVE-2025-2048: Lana Downloads Manager Path Traversal Vulnerability
wpscan.com · 2025-04-13

### Key Information #### Description - **Vulnerability Name**: Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal - **Description**: The plugin does not validate user-…

CVE-2024-10510: Stored XSS in adBuddy+ WordPress Plugin
wpscan.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: adBuddy+ (AdBlocker Detection) by NetfunkDesign 2. **Plugin Version**: alert(1)…

Stored XSS in WordPress Photo Gallery by 10Web (CVE-2024-10704)
wpscan.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Photo Gallery by 10Web < 1.8.31 2. **Vulnerability Type**: Admin+ Stored XSS 3.…

WordPress Logo Slider < 4.5.0 Stored XSS Vulnerability (CVE-2024-10896)
wpscan.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Logo Slider < 4.5.0 2. **Vulnerability Type**: Contributor+ Stored XSS 3. **Des…

WordPress Logo Slider CVE-2024-10473 Stored XSS Vulnerability Analysis
wpscan.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Logo Slider < 4.5.0 2. **Vulnerability Type**: Author+ Stored XSS 3. **Descript…

CVE-2024-10980: Element Pack Elementor Addons Stored XSS Vulnerability
wpscan.com · 2024-11-30

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Plugin Name**: Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS 2. **Description**: The …

CVE-2024-10493: Element Pack Elementor Addons Contributor+ Stored XSS
wpscan.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Element Pack Elementor Addons Content Caption" setting, the XSS vulnerability c…

Everest Forms <3.0.4.2 Stored XSS Vulnerability (CVE-2024-10471)
wpscan.com · 2024-11-27

From this webpage screenshot, the following key vulnerability information can be extracted: 1. **Plugin Name**: Everest Forms < 3.0.4.2 2. **Vulnerability Type**: Admin+ Stored XSS 3. **Description**:…

WordPress YaDisk Files Stored XSS Vulnerability (CVE-2024-10710)
wpscan.com · 2024-11-26

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: YaDisk Files alert(4)"` in the "Yadisk Login" field - 3. Save and observe the X…

CVE-2024-10709: Stored XSS in YaDisk Files <= 1.2.5 via Shortcode
wpscan.com · 2024-11-26

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: YaDisk Files <= 1.2.5 2. **Vulnerability Type**: Contributor+ Stored XSS via Sh…

WPForms < 1.9.1.6 Stored XSS Vulnerability (CVE-2024-7056)
wpscan.com · 2024-11-26

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: WPForms < 1.9.1.6 2. **Vulnerability Type**: Admin+ Stored XSS 3. **Description…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
