Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

302 New today

66,386 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

386

Jun 26

Jun 27

284

Jun 28

Critical

High

Medium

Low

Latest

CVE CVSS 6.1

MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter_CVE-2026-13245

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated atta...

CVE-2026-13245 maxfoundry MaxButtons – Create buttons

Jun 27, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-12404	NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including...	webaways	NEX-Forms – Ultimate Forms Plugin for WordPress	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-9242	RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication ...	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-9233	Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...	expresstech	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker	Jun 27, 2026	CVE
MEDIUM 6.5	CVE-2026-3462	Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462 The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'p...	reepaydenmark	Frisbii Pay	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-13295	Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, a...	gpriday	Page Builder by SiteOrigin	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-12471	Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all version...	templatescoderthemes	Spexo	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-12432	Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432 The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_fai...	themeisle	Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions	Jun 27, 2026	CVE
MEDIUM 4.4	CVE-2026-12399	Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399 The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings ...	jegstudio	Gutenverse – WordPress Blocks, Page Builder & Site Editor	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-11987	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...	dokaninc	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	Jun 27, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter_CVE-2026-13245

Recent Advisories

NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404

RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242

Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233

Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462

Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295

Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471

Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432

Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987

Protect Your Attack Surface with RedGem

Security Intelligence
Feed