Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

307 New today
65,239 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
307
Jun 24
Critical
High
Medium
Low
Latest
CVE CVSS 8.8

Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method_CVE-2026-4297

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The functi...

CVE-2026-4297 newscred Welcome Software Publishing 0.0.31
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7 CVE-2026-13006

Incomplete protection against CVE-2025-11226_CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, all...

QOS.CH Sarl Logback-core 0.9.20 CVE
CRITICAL 9.8 CVE-2026-12417

SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover_CVE-2026-12417

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in v...

pravel SignUp & SignIn CVE
CRITICAL 9.8 CVE-2026-12416

Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter_CVE-2026-12416

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This i...

pravel Invoice Generator CVE
HIGH 7.2 CVE-2026-12100

URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter_CVE-2026-12100

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter...

abhisheksaha11 URL Preview CVE
HIGH 7.2 CVE-2026-12095

Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter_CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' param...

bytuncay Kargo Takip CVE
MEDIUM 5.3 CVE-2026-12094

Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on t...

iamranit Advanced Contact Form 7 – Compact DB CVE
MEDIUM 4.3 CVE-2026-11997

Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or ...

seo_tools Bulk SEO Image CVE
MEDIUM 6.4 CVE-2026-11370

WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' p...

joomunited WP Meta SEO CVE
MEDIUM 4.3 CVE-2026-10552

Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or ...

jotis Blue Captcha CVE