Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

62 New today
66,415 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
313
Jun 28
Jun 29
Critical
High
Medium
Low
Latest
CVE CVSS 5.3

NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible f...

CVE-2026-12404 webaways NEX-Forms – Ultimate Forms Plugin for WordPress
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-9242

RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication ...

metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login CVE
MEDIUM 4.3 CVE-2026-9233

Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...

expresstech Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker CVE
MEDIUM 6.5 CVE-2026-3462

Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'p...

reepaydenmark Frisbii Pay CVE
MEDIUM 6.4 CVE-2026-13295

Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, a...

gpriday Page Builder by SiteOrigin CVE
MEDIUM 4.3 CVE-2026-12471

Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all version...

templatescoderthemes Spexo CVE
MEDIUM 5.3 CVE-2026-12432

Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_fai...

themeisle Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions CVE
MEDIUM 4.4 CVE-2026-12399

Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings ...

jegstudio Gutenverse – WordPress Blocks, Page Builder & Site Editor CVE
MEDIUM 4.3 CVE-2026-11987

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...

dokaninc Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CVE
MEDIUM 6.4 CVE-2026-11783

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU_CVE-2026-11783

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored...

dokaninc Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CVE