Security Intel Hub 231+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

NextGEN Gallery < 3.59.5 Stored XSS Vulnerability (CVE-2024-6393)
wpscan.com · 2024-11-26

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: NextGEN Gallery < 3.59.5 2. **Vulnerability Type**: Admin+ Stored XSS 3. **Desc…

CVE-2024-9422: GEO My WordPress Arbitrary File Upload Vulnerability
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload 2. **Description**: The p…

Formidable Forms < 6.14.1 Stored XSS Vulnerability (CVE-2024-9768)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Formidable Forms < 6.14.1 - Admin+ Stored XSS 2. **Description**: The plugin do…

Ditty <3.1.47 Stored XSS Vulnerability (CVE-2024-9600)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Ditty < 3.1.47 2. **Vulnerability Type**: Author+ Stored XSS 3. **Description**…

WordPress Taskbuilder SQL Injection Vulnerability Analysis (CVE-2024-9828)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Taskbuilder < 3.0.5 2. **Vulnerability Type**: SQL Injection (SQLi) 3. **Affect…

WordPress CM Table Of Contents Plugin CSRF Leading to Stored XSS (CVE-2024-5029)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: CM Table Of Contents - WordPress TOC Plugin 2. **Version**: 1.2.4 3. **Vulnerab…

WordPress Alphabetical List <=1.0.3 CSRF Vulnerability (CVE-2024-8157)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Alphabetical List <= 1.0.3 - Settings Update via CSRF 2. **Description**…

WordPress Media Library Tools <1.5.0 Stored XSS via SVG (CVE-2024-10482)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Media Library Tools < 1.5.0 2. **Vulnerability Type**: Author+ Stored XSS via S…

Squirrly SEO <12.3.21 Stored XSS Vulnerability (CVE-2024-10515)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: SEO Plugin by Squirrly SEO < 12.3.21 2. **Vulnerability Type**: Editor+ Stored …

WordPress CM Table Of Contents Plugin CSRF Vulnerability (CVE-2024-5030)
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: CM Table Of Contents - WordPress TOC Plugin < 1.2.3 2. **Vulnerability Type**: …

MailPoet < 5.3.2 Stored XSS Vulnerability (CVE-2024-10103) Analysis and Fix
wpscan.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: MailPoet ` - Save the form and click "Preview" to trigger the alert 4. *…

WordPress Secure Custom Fields CVE-2024-9529 Admin+ RCE via Arbitrary PHP Function Execution
wpscan.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Secure Custom Fields < 6.3.6.3 2. **Vulnerability Type**: Admin+ Remote Code Ex…

WordPress Jobs Plugin <2.7.8 Stored XSS Vulnerability (CVE-2024-10104)
wpscan.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS 2. **Description**: The pl…

CVE-2024-9186: Unauthenticated SQL Injection in Automation By Autonami < 3.3.0
wpscan.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Automation By Autonami < 3.3.0 2. **Vulnerability Type**: Unauthenticated SQL I…

CVE-2024-10146: Reflected XSS in Simple File List < 6.1.13
wpscan.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Simple File List < 6.1.13 2. **Vulnerability Type**: Reflected Cross-Site Scrip…

WordPress RSS Feed Widget <3.0.0 Stored XSS Vulnerability (CVE-2024-9836)
wpscan.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: RSS Feed Widget < 3.0.0 2. **Vulnerability Type**: Contributor+ Stored XSS 3. *…

Unauthenticated Stored XSS in Registrations for The Events Calendar < 2.12.4 (CVE-2024-7982)
wpscan.com · 2024-11-11

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Plugin Name**: `Registrations for The Events Calendar alert(2)` as both first and last name. - As an adm…

WordPress Safe SVG SVG Sanitisation Bypass Vulnerability (CVE-2024-8378) with PoC
wpscan.com · 2024-11-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: Safe SVG alert(1)', }); ``` - Check the returned JSON’s `source_url`. The file …

WP Booking Calendar <10.6.3 Stored XSS Vulnerability (CVE-2024-10027)
wpscan.com · 2024-11-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Plugin Name**: WP Booking Calendar < 10.6.3 2. **Vulnerability Type**: Admin+ Stored XSS 3. **…

CVE-2024-9934: Reflected XSS in Wp-ImageZoom <= 1.1.0
wpscan.com · 2024-11-09

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Plugin Name**: Wp-ImageZoom <= 1.1.0 2. **Vulnerability Type**: Reflected Cross-Site Scripting (XSS) 3. …

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.