Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

WordPress Plugin Auto Featured Image Horizontal Privilege Escalation (CVE-2025-13794) with POC
research.cleantalk.org · 2026-04-09

### Vulnerability Overview **CVE-2025-13794** is a Missing Authorization vulnerability found in the WordPress plugin **Auto Featured Image (Auto Post Thumbnail)**. This vulnerability allows authentica…

Sydney WordPress Theme Missing Authorization Vulnerability (CVE-2025-8999) with POC
research.cleantalk.org · 2026-04-09

### Summary of Key Vulnerability Information **1. Vulnerability Overview** * **CVE ID:** CVE-2025-8999 * **Vulnerability Name:** Sydney – Missing Authorization to Authenticated (Subscriber+) Limited T…

WordPress MxChat CVE-2025-12585 IDOR Vulnerability and POC
ryankozak.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2025-12585 * **Vulnerability Type:** Insecure Direct Object Reference (IDOR) / Unauthorized Information Disclosure * **Descriptio…

WP All Import/Export Plugin Vulnerabilities: CVE-2024-8722/9664/9661/7425/7419 Advisory
www.wpallimport.com · 2026-04-09

### Vulnerability Overview This security update addresses multiple versions of the **WP All Import** and **WP All Export** plugins, patching the following critical vulnerabilities: * **WP All Import P…

Tracking Code Manager <2.4.0 Pre-Auth Stored XSS (CVE-2024-10309)
wpscan.com · 2026-04-09

# Vulnerability Summary: Tracking Code Manager ` 3. Save the post and view the preview to trigger the XSS payload.

JupiterX Core Plugin CVE-2025-0366: SVG Upload to RCE via Unpredictable Filenames
sec.stealthcopter.com · 2026-04-09

### Vulnerability Overview The JupiterX Core plugin contains three related vulnerabilities that, when combined, allow an attacker to escalate from SVG file upload to Remote Code Execution (RCE): 1. **…

LearnPress WordPress LMS SQL Injection Vulnerabilities (CVE-2024-8529/8522) Analysis
abrahack.com · 2026-04-09

### Vulnerability Overview This article details two SQL injection vulnerabilities (CVE-2024-8529 and CVE-2024-8522) found in the LearnPress WordPress LMS plugin. * **Vulnerability Mechanism**: An atta…

CVE-2025-6586: Download Plugin Arbitrary File Upload Leading to RCE
github.com · 2026-04-09

# CVE-2025-6586 Vulnerability Summary ## Vulnerability Overview The `dpwap_plugin_locInstall` function in the **Download Plugin** (version 2.2.8). * If an upgrade is not feasible, manually patch the `…

WP Recipe Maker Information Disclosure Vulnerability (CVE-2025-15527) with POC
research.cleantalk.org · 2026-04-09

### Vulnerability Overview **CVE-2025-15527** is an information disclosure vulnerability present in the WordPress plugin **WP Recipe Maker**. The core issue lies in the REST API endpoint returning pos…

WP Migrate Lite CVE-2025-11427 Unauthenticated Blind SSRF Vulnerability Analysis
research.cleantalk.org · 2026-04-09

### Vulnerability Overview * **CVE ID**: CVE-2025-11427 * **Affected Plugin**: WP Migrate Lite (Version <= 2.7.6) * **Vulnerability Type**: Unauthenticated Blind Server-Side Request Forgery (SSRF) * *…

D-Link/Tenda Router Firmware Buffer Overflow Vulnerability Summary (CVE)
github.com · 2026-04-09

### CVE Vulnerability Summary #### 1. Vulnerability Overview This list summarizes security vulnerabilities found in firmware from multiple network device vendors, primarily **D-Link** and **Tenda**. T…

WordPress Download Plugin <=2.2.8 Authenticated Arbitrary File Upload RCE (CVE-2025-6586)
ryankozak.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2025-6586 * **Vulnerability Name:** Download Plugin 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loo…

CVE-2025-9243: Cost Calculator Builder Missing Authorization Bypass via AJAX
research.cleantalk.org · 2026-04-09

### Summary of Key Vulnerability Information **Vulnerability Overview (CVE-2025-9243)** * **Vulnerability Name:** Cost Calculator Builder – Missing Authorization to update order status and payment sta…

CVE-2025-9294: Quiz And Survey Master Missing Authorization Vulnerability with POC
research.cleantalk.org · 2026-04-09

### Vulnerability Overview **CVE-2025-9294** is a **Missing Authorization** vulnerability present in the **Quiz And Survey Master (QSM)** plugin. This vulnerability allows low-privileged authenticated…

CVE-2025-9979: Maspik Authenticated Missing Authorization to Spam Log Export
research.cleantalk.org · 2026-04-09

# Vulnerability Summary ## Vulnerability Overview - **CVE ID**: CVE-2025-9979 - **Vulnerability Name**: Maspik - Authenticated (Subscriber+) Missing Authorization to Spam Log Export - **Description**:…

Essential Blocks CVE-2025-11369: Missing Auth to Sensitive Data Exposure
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2025-11369 * **Vulnerability Name**: Essential Blocks – Missing Auth to Sensitive Data Exposure (API keys of I…

File-Away WordPress Plugin Unauth File Read/Upload RCE (CVE-2025-2539/2512)
github.com · 2026-04-09

### Vulnerability Overview This repository contains details and exploitation scripts for two high-severity vulnerabilities in the File-Away WordPress plugin, which can lead to Remote Code Execution (R…

CVE-2025-1119: Arbitrary Shortcode Execution and Stored XSS in Simply Schedule Appointments
blog.lucianohanna.com.br · 2026-04-09

# CVE-2025-1119: XSS Vulnerability in Simply Schedule Appointments ## Vulnerability Overview * **CVE ID:** CVE-2025-1119 * **Vulnerability Type:** Arbitrary Shortcode Execution and Stored XSS * **CVSS…

LearnPress WordPress Plugin CVE-2024-11868 Unauthenticated Sensitive Information Exposure
abrahack.com · 2026-04-09

### Vulnerability Overview * **CVE ID:** CVE-2024-11868 * **Vulnerability Type:** Sensitive Information Exposure * **Severity:** Medium (CVSS 3.1: 5.3) * **Description:** This vulnerability allows una…

WordPress File Upload Plugin CVE-2024-11613 RCE via MIME Bypass
abrahack.com · 2026-04-09

### Vulnerability Overview This document discusses a new Remote Code Execution (RCE) vulnerability (CVE-2024-11613) introduced by the WordPress File Upload plugin after patching CVE-2024-9939 and CVE-…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
