category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-40809	WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability_CVE-2026-40809 Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This is...	Rara Themes	Metro Magazine n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-39581	WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability_CVE-2026-39581 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic	activity-log.com	WP Sessions Time Monitoring Full Automatic n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-39574	WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability_CVE-2026-39574 Unauthenticated SQL Injection in InPost Gallery	RealMag777	InPost Gallery n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-39490	WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability_CVE-2026-39490 Unauthenticated Broken Access Control in JupiterX Core	artbees	JupiterX Core n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-39437	WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce	WPFactory	Min Max Step Quantity Limits Manager for WooCommerce n/a	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-2381	WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter_CVE-2026-2381 The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on...	woocommerce	WooCommerce Stripe Payment Gateway	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-10825	Improper JSON Input Validation in WebSocket API Leads to Denial of Service_CVE-2026-10825 A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged ...	Moxa	NPort 6000-G2 Series 1.0	Jun 16, 2026	CVE
HIGH 7.5	CVE-2025-68045	WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability_CVE-2025-68045 Unauthenticated Broken Access Control in WP Event SOlution	Arraytics	WP Event SOlution n/a	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-8444	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter_CVE-2026-8444 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action ...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
MEDIUM 6.4	CVE-2026-10093	File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter_CVE-2026-10093 The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' param...	deepakkite	Secure Client Portal and Private File Sharing Plugin – User Private Files	Jun 16, 2026	CVE