Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

32 New today

60,264 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

204

May 25

336

May 26

455

May 27

326

May 28

451

May 29

206

May 30

May 31

417

Jun 1

295

Jun 2

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

Critical

High

Medium

Low

Latest

CVE CVSS 4.9

LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter_CVE-2026-7565

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with admin...

CVE-2026-7565 thimpress LearnPress – Backup & Migration Tool

Jun 6, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-7537	MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter_CVE-2026-7537 The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_se...	mdjm	MDJM Event Management	Jun 6, 2026	CVE
MEDIUM 4.4	CVE-2026-2500	Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter_CVE-2026-2500 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_d...	davidfcarr	Quick Playground	Jun 6, 2026	CVE
HIGH 7.8	3A0FB196-510A-	Exploit for Improper Initialization in Linux Linux_Kernel_3A0FB196-510A-59F0-AD4E-7E47BB4CD069 CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-0847 Dirty Pipe. Original source code from haxx.in/dirtypipe. Build bash make glibc stat...	N/A	N/A	Jun 6, 2026	GITHUBEXPLOIT
MEDIUM 4.3	CVE-2026-9719	LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action_CVE-2026-9719 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all version...	latepoint	LatePoint – Calendar Booking Plugin for Appointments and Events	Jun 5, 2026	CVE
HIGH 7.5	CVE-2026-9290	WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter_CVE-2026-9290 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inclu...	wpusermanager	WP User Manager – User Profile Builder & Membership	Jun 5, 2026	CVE
MEDIUM 4.3	CVE-2026-8976	RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions_CVE-2026-8976 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorizatio...	themeisle	RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator	Jun 5, 2026	CVE
MEDIUM 6.4	CVE-2026-8900	Simple SEO Slideshow <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8900 The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and incl...	spyrosvl	Simple SEO Slideshow	Jun 5, 2026	CVE
MEDIUM 6.4	CVE-2026-8893	Express Payment For Stripe <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8893 The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] s...	payaddons	Express Payment For Stripe	Jun 5, 2026	CVE
MEDIUM 5.3	CVE-2026-8608	Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action_CVE-2026-8608 The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity...	awordpresslife	Event Monster – Event Manager, Ticket Booking & Registration	Jun 5, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter_CVE-2026-7565

Recent Advisories

MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter_CVE-2026-7537

Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter_CVE-2026-2500

Exploit for Improper Initialization in Linux Linux_Kernel_3A0FB196-510A-59F0-AD4E-7E47BB4CD069

LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action_CVE-2026-9719

WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter_CVE-2026-9290

RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions_CVE-2026-8976

Simple SEO Slideshow <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8900

Express Payment For Stripe <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8893

Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action_CVE-2026-8608

Protect Your Attack Surface with RedGem

Security Intelligence
Feed