category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-8444	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter_CVE-2026-8444 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action ...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
MEDIUM 6.4	CVE-2026-10093	File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter_CVE-2026-10093 The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' param...	deepakkite	Secure Client Portal and Private File Sharing Plugin – User Private Files	Jun 16, 2026	CVE
MEDIUM 5.3	CVE-2026-6964	Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action_CVE-2026-6964 The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is du...	j_3rk	Video Conferencing with Zoom	Jun 16, 2026	CVE
MEDIUM 5.3	CVE-2026-9187	Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter_CVE-2026-9187 The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This...	zealopensource	Abandoned Contact Form 7	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-8443	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter_CVE-2026-8443 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-6933	Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation_CVE-2026-6933 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. ...	premmerce	Premmerce Dev Tools	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-5149	RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter_CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submiss...	rometheme	RTMKit	Jun 16, 2026	CVE
MEDIUM 6.7	CVE-2026-50255	CVE-2026-50255_CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbi...	Sony Corporation	Optical Disc Archive Software for Windows 5.5.3 and earlier	Jun 16, 2026	CVE
MEDIUM 4.3	CVE-2026-10780	Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute_CVE-2026-10780 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to t...	mohammadtanzilurrahman	Static Block	Jun 16, 2026	CVE
MEDIUM 6.3	CVE-2026-10635	Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init_CVE-2026-10635 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_dom...	zephyrproject	zephyr 4.4.0	Jun 16, 2026	CVE