Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

268 New today

65,000 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 4.3

MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update_CVE-2026-6292

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is due to a completely broken nonce validation in the enter_mpclp_login_options() function, which contains an inverted check (if wp...

CVE-2026-6292 manuelpadillac MP Customize Login Page

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-4297	Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method_CVE-2026-4297 The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is ...	newscred	Welcome Software Publishing 0.0.31	Jun 24, 2026	CVE
HIGH 7	CVE-2026-13006	Incomplete protection against CVE-2025-11226_CVE-2026-13006 ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, all...	QOS.CH Sarl	Logback-core 0.9.20	Jun 24, 2026	CVE
CRITICAL 9.8	CVE-2026-12417	SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover_CVE-2026-12417 The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in v...	pravel	SignUp & SignIn	Jun 24, 2026	CVE
CRITICAL 9.8	CVE-2026-12416	Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter_CVE-2026-12416 The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This i...	pravel	Invoice Generator	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12100	URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter_CVE-2026-12100 The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter...	abhisheksaha11	URL Preview	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12095	Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter_CVE-2026-12095 The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' param...	bytuncay	Kargo Takip	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-12094	Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094 The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on t...	iamranit	Advanced Contact Form 7 – Compact DB	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-11997	Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997 The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or ...	seo_tools	Bulk SEO Image	Jun 24, 2026	CVE
MEDIUM 6.4	CVE-2026-11370	WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370 The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' p...	joomunited	WP Meta SEO	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update_CVE-2026-6292

Recent Advisories

Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method_CVE-2026-4297

Incomplete protection against CVE-2025-11226_CVE-2026-13006

SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover_CVE-2026-12417

Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter_CVE-2026-12416

URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter_CVE-2026-12100

Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter_CVE-2026-12095

Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094

Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997

WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370

Protect Your Attack Surface with RedGem

Security Intelligence
Feed