category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-48967	WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability_CVE-2026-48967 Subscriber SQL Injection in Geo Mashup	Dylan Kuhn	Geo Mashup n/a	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-48875	WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability_CVE-2026-48875 Unauthenticated SQL Injection in JetSmartFilters	Jetimpex Inc.	JetSmartFilters n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-45436	WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability_CVE-2026-45436 Subscriber Broken Access Control in WPBakery Page Builder	Rain-Task Ltd.	WPBakery Page Builder n/a	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-42629	WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability_CVE-2026-42629 Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.	Powerpackelements	PowerPack Pro for Elementor n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-42385	WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42385 Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro	Cozmoslabs	Profile Builder Pro n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2026-42380	WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability_CVE-2026-42380 Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.	jwsthemes	AI Lab n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-41557	WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-41557 Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.	PressLayouts	Kapee n/a	Jun 17, 2026	CVE
CRITICAL 9.9	CVE-2026-40783	WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability_CVE-2026-40783 Contributor Remote Code Execution (RCE) in Blocksy Companion Pro	Creative Themes	Blocksy Companion Pro n/a	Jun 17, 2026	CVE
HIGH 7.3	CVE-2026-40768	WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-40768 Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system	Dimitri Grassi	Salon booking system n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-40765	WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40765 Unauthenticated Cross Site Scripting (XSS) in collectchat	collectchat	collectchat n/a	Jun 17, 2026	CVE