Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

279 New today

65,322 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 4.3

Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage(), which dispatches to launchbulk() / BulkSeoImageGo...

CVE-2026-11997 seo_tools Bulk SEO Image

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-11370	WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370 The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' p...	joomunited	WP Meta SEO	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-10552	Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552 The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or ...	jotis	Blue Captcha	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10092	Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all...	nicashmu	Cincopa video and media plug-in	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10091	Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting_CVE-2026-10091 The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up ...	cgarvey	Email JavaScript Cloak	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-7761	Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure_CVE-2026-7761 The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2...	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Jun 24, 2026	CVE
HIGH 7.6	CVE-2026-56052	WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability_CVE-2026-56052 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows ...	FunnelKit	Funnel Builder by FunnelKit n/a	Jun 24, 2026	CVE
HIGH 8.8	5CCE7939-1019-	Exploit for CVE-2026-8461_5CCE7939-1019-5F8F-A1B9-EA7B129C8C99 CVE-2026-8461 "PixelSmash" — FFmpeg MagicYUV Heap OOB Write PoC !WARNING This repository contains a working exploit PoC for a heap corruption vulne...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 8.6	THN:881DB7D7759...	Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root_THN:881DB7D77599D527FA15CA26FD8CBC33 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivauBSNOsDqBHvUFSnF1NdlWJ8BAt2JVgIo_ZUQhBkVppSz0PvkEmrc9RP1hMf2-oFFRgr5PNm7pxLmPngAJ...	N/A	N/A	Jun 24, 2026	THN
CRITICAL 10	59505BC0-DE3A-	MCATester_59505BC0-DE3A-56CF-96BF-33C4639271E6 MCATester — AI-Powered OSINT & Vulnerability Discovery Platform Built during a security research internship at the National e-Governance Division N...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997

Recent Advisories

WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370

Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552

Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092

Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting_CVE-2026-10091

Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure_CVE-2026-7761

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability_CVE-2026-56052

Exploit for CVE-2026-8461_5CCE7939-1019-5F8F-A1B9-EA7B129C8C99

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root_THN:881DB7D77599D527FA15CA26FD8CBC33

MCATester_59505BC0-DE3A-56CF-96BF-33C4639271E6

Protect Your Attack Surface with RedGem

Security Intelligence
Feed