Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

85 New today

64,295 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 9.1

Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value_CVE-2026-8713

The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arb...

CVE-2026-8713 themefusion Avada (Fusion) Builder

Jun 19, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-8118	Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 – 1.7.1059 – Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source_CVE-2026-8118 The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1...	wproyal	Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058	Jun 19, 2026	CVE
MEDIUM 4.9	CVE-2026-7547	Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter_CVE-2026-7547 The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and includin...	teamwsa	Woosa – Marktplaats for WooCommerce	Jun 19, 2026	CVE
CRITICAL 9.8	CVE-2026-7515	BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style_CVE-2026-7515 The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter...	betterdocs	BetterDocs Pro	Jun 19, 2026	CVE
CRITICAL 9.8	CVE-2026-54414	FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover_CVE-2026-54414 FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php), leading to arbi...	error311	FileRise	Jun 19, 2026	CVE
MEDIUM 6.4	CVE-2026-4328	Advanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' Parameter_CVE-2026-4328 The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to t...	addonspress	Advanced Import	Jun 19, 2026	CVE
MEDIUM 6.4	CVE-2026-1856	Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label_CVE-2026-1856 The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions ...	creavi	Creavi Appointment Booking Calendar	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12644	CVE-2026-12644_CVE-2026-12644 Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype me...	n/a	ts-deepmerge	Jun 19, 2026	CVE
MEDIUM 4.4	CVE-2026-12430	Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter_CVE-2026-12430 The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2....	creativethemeshq	Blocksy Companion	Jun 19, 2026	CVE
MEDIUM 6.4	CVE-2026-12157	BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute_CVE-2026-12157 The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...	wpdevteam	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	Jun 19, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value_CVE-2026-8713

Recent Advisories

Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 – 1.7.1059 – Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source_CVE-2026-8118

Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter_CVE-2026-7547

BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style_CVE-2026-7515

FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover_CVE-2026-54414

Advanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' Parameter_CVE-2026-4328

Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label_CVE-2026-1856

CVE-2026-12644_CVE-2026-12644

Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter_CVE-2026-12430

BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute_CVE-2026-12157

Protect Your Attack Surface with RedGem

Security Intelligence
Feed