category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-8614	Assistio <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion via assistio_plugin_delete_assistio_settings AJAX Action_CVE-2026-8614 The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verificati...	assistioai	Assistio	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-7617	Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action_CVE-2026-7617 The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin ...	secufor	Secufor_OAuth	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-6292	MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update_CVE-2026-6292 The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This i...	manuelpadillac	MP Customize Login Page	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-4297	Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method_CVE-2026-4297 The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is ...	newscred	Welcome Software Publishing 0.0.31	Jun 24, 2026	CVE
HIGH 7	CVE-2026-13006	Incomplete protection against CVE-2025-11226_CVE-2026-13006 ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, all...	QOS.CH Sarl	Logback-core 0.9.20	Jun 24, 2026	CVE
CRITICAL 9.8	CVE-2026-12417	SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover_CVE-2026-12417 The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in v...	pravel	SignUp & SignIn	Jun 24, 2026	CVE
CRITICAL 9.8	CVE-2026-12416	Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter_CVE-2026-12416 The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This i...	pravel	Invoice Generator	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12100	URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter_CVE-2026-12100 The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter...	abhisheksaha11	URL Preview	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12095	Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter_CVE-2026-12095 The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' param...	bytuncay	Kargo Takip	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-12094	Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094 The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on t...	iamranit	Advanced Contact Form 7 – Compact DB	Jun 24, 2026	CVE