Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

293 New today
66,401 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
53
Jun 27
299
Jun 28
Jun 29
Critical
High
Medium
Low
Latest
CVE CVSS 6.4

Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVE-2026-13295 gpriday Page Builder by SiteOrigin
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-12471

Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all version...

templatescoderthemes Spexo CVE
MEDIUM 5.3 CVE-2026-12432

Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_fai...

themeisle Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions CVE
MEDIUM 4.4 CVE-2026-12399

Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter_CVE-2026-12399

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings ...

jegstudio Gutenverse – WordPress Blocks, Page Builder & Site Editor CVE
MEDIUM 4.3 CVE-2026-11987

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter_CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...

dokaninc Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CVE
MEDIUM 6.4 CVE-2026-11783

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU_CVE-2026-11783

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored...

dokaninc Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CVE
MEDIUM 4.3 CVE-2026-11773

Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification_CVE-2026-11773

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, an...

masteriyo Masteriyo LMS – LMS Course Builder, Quizzes & Certificates CVE
MEDIUM 6.4 CVE-2026-11597

Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in vers...

surbma Surbma | Infusionsoft Shortcode CVE
MEDIUM 4.3 CVE-2026-11364

Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions_CVE-2026-11364

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versi...

dornaweb Product Specifications for Woocommerce CVE
HIGH 7.8 ECD48805-B674-

Exploit for Use After Free in Linux Linux_Kernel_ECD48805-B674-5D15-9640-7AE6AB574266

CVE-2026-43499 — Linux Kernel Futex PI Use-After-Free Bug removewaiter in kernel/locking/rtmutex.c is used by the slowlock paths but also for proxy...

N/A N/A GITHUBEXPLOIT