
Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

WordPress Aruba HiSpeed Cache Plugin CSRF Vulnerability
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The Aruba HiSpeed Cache WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF). This is due to missing nonce verification in the `aruba…

Kadence Blocks <=3.6.3 Missing Authorization to Authenticated Media Upload
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin contains an authorization bypass vulnerability. Due to the plugi…

WordPress Webling Plugin <=3.9.0 Authenticated Stored XSS
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The Webling WordPress plugin is vulnerable to Stored Cross-Site Scripting (Stored XSS). Due to insufficient input sanitization, ins…

WordPress Download Manager <=3.3.51 Missing Authorization Vulnerability
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The Download Manager plugin for WordPress is affected by a missing authorization vulnerability. Due to the `makeMediaPublic()` and …

WordPress Perfatters <=2.5.9 Authenticated Arbitrary File Overwrite via Path Traversal
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The Perfatters WordPress plugin is vulnerable to arbitrary file overwrite. An attacker can exploit this vulnerability via path trav…

Vertex Addons for Elementor Missing Authorization Arbitrary Plugin Installation (CVE-2026-4326)
www.wordfence.com · 2026-04-11

**Vulnerability Name**: Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activatio…

WordPress Gravity SMTP Missing Authorization Vulnerability (<=2.1.4)
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The Gravity SMTP plugin for WordPress is affected by a Missing Authorization vulnerability. Due to the plugin failing to properly veri…

Stored XSS in AddFunc Head & Footer Code for WordPress <= 2.3
www.wordfence.com · 2026-04-11

**Vulnerability Overview**: The AddFunc Head & Footer Code plugin contains a stored cross-site scripting (Stored XSS) vulnerability. The plugin stores user input via the post meta fields `aHfnc_head_co…

Chamilo LMS Open Redirect via Unvalidated 'page' Parameter in Session Course Edit
github.com · 2026-04-11

**Vulnerability Name**: Open Redirect via Unvalidated 'page' Parameter in Session Course Edit (2.0.0 RC) · **Summary/Description**: Chamilo LMS version 2.0.0 RC c…

Chamilo LMS IDOR in Gradebook Allows Cross-Course Deletion of Student Grades
github.com · 2026-04-11

**Vulnerability Overview**: This is an IDOR (Insecure Direct Object Reference) vulnerability. In the gradebook result view page of Chamilo LMS, …

Axios CRLF Header Injection Leading to Cloud Metadata Exfiltration Fix
github.com · 2026-04-11

**Title**: `fix: unrestricted cloud metadata exfiltration via header injection chain #10660`. This is a security fix for the Axios library aimed at preventing attackers from …

Rocket.Chat Open Redirect Vulnerability (CVE-2026-22560) Advisory and Fix
hackerone.com · 2026-04-11

**Vulnerability Overview**: An open redirect vulnerability exists in Rocket.Chat. The `/_ssl_redirect/provider` endpoint includes a redirect query string va…

Rocket.Chat SAML SLO Open Redirect Vulnerability Fix (PR #38994)
github.com · 2026-04-11

**Vulnerability Overview**: The SAML Single Logout (SLO) redirect functionality contains a vulnerability. Because the `processSLORedirectAction` function direc…

Chartbrew Template API Cross-Tenant Access Control Fix
github.com · 2026-04-11

**Vulnerability Overview**: Fixed a **cross-tenant (cross-team) operation vulnerability** in the `TemplateRoute` API route of the `chartbrew` project. The original code did not strictly verify the cons…

Vehicle Showroom Management System V1.0 Unauthenticated XSS in ServiceAndSalesReport.php
github.com · 2026-04-10

**Vulnerability Overview**: **Vulnerability Type:** Cross-Site Scripting (XSS) · **Affected Product:** Vehicle Showroom…

Vehicle Showroom Management System ProfitAndLossReport.php Reflected XSS
github.com · 2026-04-10

**Vulnerability Name**: Vehicle Showroom Management System Project V1.0 /ProfitAndLossReport.php cross-site scripting · **Vulnerability Type**: XSS (Cross-Site Scripting) …

Unauthenticated XSS in Code-Projects Vehicle Showroom 1.0 ProfitAndLossReport.php (CVE-2026-6034)
vuldb.com · 2026-04-10

**Vulnerability Name**: Code-Projects Vehicle Showroom Management System 1.0 ProfitAndLossReport.php BRANCH_ID Cross-Site Scripting (XS…

OpenStack Skyline Console DOM-based XSS Vulnerability (CVE-2026-40212) Analysis
bugs.launchpad.net · 2026-04-10

**Title**: [OSSA-2026-006] DOM-based XSS in Skyline Console via unsanitized instance console log rendering · **CVE ID**: CVE-2026-40212 · **Description**: This is a DOM-ba…

Bluebubbles Webhook IP Spoofing Bypasses Rate Limiting Fix
github.com · 2026-04-10

**Vulnerability Overview**: Bluebubbles (an iMessage server implementation) contains a logic flaw when processing Webhook requests. The previous implementation failed to corre…

openwisp openwisp-wifi-control-lts Gateway Privilege Escalation via Silent Reconnect
github.com · 2026-04-10

**Vulnerability Overview**: This is a privilege escalation vulnerability located within the Gateway component. An attacker can exploit the "silent reconnect" mechanism to esca…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
