category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-11357	Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization_CVE-2026-11357 The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions...	stellarwp	Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	Jun 18, 2026	CVE
MEDIUM 4.9	CVE-2026-10736	Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter_CVE-2026-10736 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all ve...	themeum	Tutor LMS – eLearning and online course solution	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-10623	PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_id' Parameters_CVE-2026-10623 The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference i...	pressprimer	PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-10029	Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints_CVE-2026-10029 The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in a...	eventkoi	Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-9815	MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE_CVE-2026-9815 The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a fo...	Unknown	MagicForm	Jun 18, 2026	CVE
HIGH 7.6	CVE-2026-55746	Cotonti stored XSS via PFS folder title_CVE-2026-55746 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder tit...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
MEDIUM 5.4	CVE-2026-55745	Cotonti CSRF in PFS folder edit allows unauthorized folder modification_CVE-2026-55745 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
HIGH 8.1	CVE-2026-55744	Cotonti CSRF in PFS allows forced arbitrary file upload_CVE-2026-55744 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.6	CVE-2026-55742	Cotonti CSRF in admin.rights.php allows privilege escalation_CVE-2026-55742 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/ad...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-55741	Cotonti CSRF in admin.config.php allows unauthorized configuration changes_CVE-2026-55741 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/a...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE