Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

411 New today

62,772 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

151

Jun 3

354

Jun 4

517

Jun 5

109

Jun 6

Jun 7

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

Jun 16

Critical

High

Medium

Low

Latest

CVE CVSS 7.1

WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39437

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.

CVE-2026-39437 WPFactory Min Max Step Quantity Limits Manager for WooCommerce n/a

Jun 16, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-2381	WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter_CVE-2026-2381 The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on...	woocommerce	WooCommerce Stripe Payment Gateway	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-10825	Improper JSON Input Validation in WebSocket API Leads to Denial of Service_CVE-2026-10825 A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged ...	Moxa	NPort 6000-G2 Series 1.0	Jun 16, 2026	CVE
HIGH 7.5	CVE-2025-68045	WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability_CVE-2025-68045 Unauthenticated Broken Access Control in WP Event SOlution	Arraytics	WP Event SOlution n/a	Jun 16, 2026	CVE
HIGH 8.5	B1BB8CF9-0BFD-	Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin_B1BB8CF9-0BFD-571E-8152-2D53A8245793 CVE-2026-54420 Mitigation Toolkit Defensive remediation, auditing, and verification toolkit for CVE-2026-54420 affecting LiteSpeed cPanel Plugin in...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-8444	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter_CVE-2026-8444 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action ...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
MEDIUM 6.4	CVE-2026-10093	File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter_CVE-2026-10093 The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' param...	deepakkite	Secure Client Portal and Private File Sharing Plugin – User Private Files	Jun 16, 2026	CVE
HIGH 8.7	30AECF2C-E55B-	Exploit for CVE-2026-20262_30AECF2C-E55B-530A-B3C5-DC776BD957D4 cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
NONE	29D0989A-B7ED-	Exploit for CVE-2026-54686_29D0989A-B7ED-56AD-B27C-E3D705F08F97 CVE-2026-54686: Warp Remote SSH Command Injection PoC Description This repository contains a Proof of Concept PoC for CVE-2026-54686, a command inj...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
HIGH 8.7	EB7819E4-5D08-	Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin_EB7819E4-5D08-5B2B-B382-7EDE03F6667E cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39437

Recent Advisories

WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter_CVE-2026-2381

Improper JSON Input Validation in WebSocket API Leads to Denial of Service_CVE-2026-10825

WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability_CVE-2025-68045

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin_B1BB8CF9-0BFD-571E-8152-2D53A8245793

WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter_CVE-2026-8444

File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter_CVE-2026-10093

Exploit for CVE-2026-20262_30AECF2C-E55B-530A-B3C5-DC776BD957D4

Exploit for CVE-2026-54686_29D0989A-B7ED-56AD-B27C-E3D705F08F97

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin_EB7819E4-5D08-5B2B-B382-7EDE03F6667E

Protect Your Attack Surface with RedGem

Security Intelligence
Feed