Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

307 New today

65,239 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

307

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 6.4

Avalon23 Products Filter for WooCommerce <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8865

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied short...

CVE-2026-8865 paradigmatools Avalon23 Products Filter for WooCommerce

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-8705	ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection_CVE-2026-8705 The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJ...	clearsale	ClearSale Total <= 3.4.2	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-8690	RentMy Real-Time Rental Management Plugin <= 4.0.4.1 - Missing Authorization to Unauthenticated Settings Update via rentmy_cdn_request AJAX Action_CVE-2026-8690 The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0....	rentmy	RentMy Real-Time Rental Management Plugin	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-8688	Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action_CVE-2026-8688 The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to t...	krishaweb	Advance Nav Menu Manager	Jun 24, 2026	CVE
MEDIUM 6.1	CVE-2026-8628	EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter_CVE-2026-8628 The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including,...	owencutajar	EntreDroppers	Jun 24, 2026	CVE
MEDIUM 6.1	CVE-2026-8622	Image Sizes on Demand <= 1.3 - Reflected Cross-Site Scripting via PHP_SELF Server Variable_CVE-2026-8622 The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, ...	pixelwelt	Image Sizes on Demand	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-8617	SearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX Actions_CVE-2026-8617 The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This i...	ailchev	SearchPlus	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-8614	Assistio <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion via assistio_plugin_delete_assistio_settings AJAX Action_CVE-2026-8614 The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verificati...	assistioai	Assistio	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-7617	Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action_CVE-2026-7617 The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin ...	secufor	Secufor_OAuth	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-6292	MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update_CVE-2026-6292 The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This i...	manuelpadillac	MP Customize Login Page	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Avalon23 Products Filter for WooCommerce <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8865

Recent Advisories

ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection_CVE-2026-8705

RentMy Real-Time Rental Management Plugin <= 4.0.4.1 - Missing Authorization to Unauthenticated Settings Update via rentmy_cdn_request AJAX Action_CVE-2026-8690

Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action_CVE-2026-8688

EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter_CVE-2026-8628

Image Sizes on Demand <= 1.3 - Reflected Cross-Site Scripting via PHP_SELF Server Variable_CVE-2026-8622

SearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX Actions_CVE-2026-8617

Assistio <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion via assistio_plugin_delete_assistio_settings AJAX Action_CVE-2026-8614

Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action_CVE-2026-7617

MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update_CVE-2026-6292

Protect Your Attack Surface with RedGem

Security Intelligence
Feed