Critical Alert 1 Active Exploit Detected Today

CVE-2026-48558 — SimpleHelp Authentication Bypass Vulnerability →

Powered by CVE Watchtower

×

wordpress

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover

Do Son November 1, 2025

The Post SMTP plugin, used by over 400,000 WordPress sites to ensure reliable email delivery, has been...

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image WooCommerce Skimmer, Fake PNG Steganography

WooCommerce Skimmer, Fake PNG Steganography

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image

Do Son October 31, 2025

The Wordfence Threat Intelligence Team has uncovered a highly sophisticated malware campaign targeting WordPress e-commerce sites using...

Wordfence Warns of Active Exploits Targeting Critical Privilege Escalation Flaw in WP Freeio (CVE-2025-11533) Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Wordfence Warns of Active Exploits Targeting Critical Privilege Escalation Flaw in WP Freeio (CVE-2025-11533)

Do Son October 30, 2025

The Wordfence Threat Intelligence team has issued an urgent warning about CVE-2025-11533, a critical privilege escalation vulnerability...

LiteSpeed Cache Flaw (CVE-2025-12450): 7 Million WordPress Sites Exposed to XSS Attack CVE-2024-3246 LiteSpeed Cache, XSS, WordPress Vulnerability

CVE-2024-3246 LiteSpeed Cache, XSS, WordPress Vulnerability

LiteSpeed Cache Flaw (CVE-2025-12450): 7 Million WordPress Sites Exposed to XSS Attack

Do Son October 29, 2025

A security flaw has been discovered in the LiteSpeed Cache for WordPress (LSCWP) plugin, one of the...

Critical WordPress RCE Flaws Resurface: Over 8.7 Million Attacks Exploit GutenKit & Hunk Companion WordPress RCE Plugins, Unauthenticated Install

WordPress RCE Plugins, Unauthenticated Install

Critical WordPress RCE Flaws Resurface: Over 8.7 Million Attacks Exploit GutenKit & Hunk Companion

Do Son October 25, 2025

The Wordfence Threat Intelligence team has issued a new warning about the resurgence of large-scale attacks exploiting...

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin

Do Son October 8, 2025

Security researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass vulnerability in...

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin WordPress Auth Bypass, CVE-2025-6388 Exploited

WordPress Auth Bypass, CVE-2025-6388 Exploited

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin

Do Son October 3, 2025

A newly disclosed vulnerability in the Spirit Framework plugin for WordPress has put thousands of websites at...

Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites Yoast XSS, CVE-2025-11241

Yoast XSS, CVE-2025-11241

Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites

Do Son October 3, 2025

A new vulnerability has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially...

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS

Do Son September 25, 2025

Two vulnerabilities were found in WordPress Core, affecting all versions up to and including 6.8.2. Both flaws...

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access

Do Son September 25, 2025

Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by...

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss WordPress vulnerability, CVE-2025-7384

WordPress vulnerability, CVE-2025-7384

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss

Do Son August 14, 2025

A critical security vulnerability has been disclosed in the widely used Database for Contact Form 7, WPforms,...

Efimer Trojan: New Crypto-Stealer Hijacks Wallets via Fake Legal Threats & Malicious Torrents Efimer Trojan, Crypto Hijacking

Efimer Trojan, Crypto Hijacking

Efimer Trojan: New Crypto-Stealer Hijacks Wallets via Fake Legal Threats & Malicious Torrents

Do Son August 11, 2025

Kaspersky Labs has uncovered a sophisticated, multi-pronged malware operation leveraging fake legal threats, compromised WordPress sites, and...

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites

Do Son August 7, 2025

A critical security vulnerability has been discovered in the Everest Forms plugin, a widely used WordPress plugin...

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover

Do Son July 30, 2025

A critical-severity vulnerability in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has left thousands of...

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads WordPress Supply Chain, Plugin Backdoor

WordPress Supply Chain, Plugin Backdoor

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads

Do Son July 14, 2025

In a concerning development for WordPress site administrators, the Patchstack team has uncovered a targeted supply chain...

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks WordPress Plugin, Arbitrary File Deletion

WordPress Plugin, Arbitrary File Deletion

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks

Do Son July 10, 2025

A critical vulnerability in the SureForms WordPress plugin—which has over 200,000 active installations—has exposed websites to a...

NetSupport RAT Returns: Weaponized via WordPress & “ClickFix” for Remote Access NetSupport RAT, ClickFix Technique

NetSupport RAT, ClickFix Technique

NetSupport RAT Returns: Weaponized via WordPress & “ClickFix” for Remote Access

Do Son July 8, 2025

Recently, security researchers at the Cybereason Global Security Operations Center (GSOC) discovered a highly deceptive malware campaign...

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection WordPress Malware, SEO Spam

WordPress Malware, SEO Spam

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection

Do Son July 4, 2025

In a recent investigation, Kayleigh Martin, a Security Analyst at Sucuri, uncovered a cunning new tactic used...

CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover WordPress Plugin, Arbitrary File Deletion

WordPress Plugin, Arbitrary File Deletion

CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover

Do Son July 2, 2025

A newly disclosed high-severity vulnerability in the popular Forminator plugin threatens the security of hundreds of thousands...

Stealthy WordPress Malware Uncovered: Multi-Stage RAT Injects via Header.php, Hides Traces

wordpress

Stealthy WordPress Malware Uncovered: Multi-Stage RAT Injects via Header.php, Hides Traces

Do Son June 30, 2025

Sucuri’s Puja Srivastava recently uncovered a stealthy and complex malware campaign targeting WordPress websites that left no...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-48558CVSS 10.0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
CVE-2026-46817CVSS 9.8
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
Admin intel📅 Updated: Jun 29, 2026
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel📅 Updated: Jun 25, 2026
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CISA KEV📅 Added to KEV: Jun 25, 2026
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026