Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-11783

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored...

dokaninc Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CVE
MEDIUM 4.3 CVE-2026-11773

Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, an...

masteriyo Masteriyo LMS – LMS Course Builder, Quizzes & Certificates CVE
MEDIUM 6.4 CVE-2026-11597

Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in vers...

surbma Surbma | Infusionsoft Shortcode CVE
MEDIUM 4.3 CVE-2026-11364

Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versi...

dornaweb Product Specifications for Woocommerce CVE
CRITICAL 9.8 CVE-2026-12415

Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_accou...

pravel Invoice Generator CVE
MEDIUM 4.3 CVE-2026-13422

HD Quiz 2.2.0 – 2.2.1 – Cross-Site Request Forgery via Multiple AJAX Handlers

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce ...

harmonic_design HD Quiz 2.2.0 CVE
MEDIUM 6.4 CVE-2026-13335

CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions...

codepeople CodePeople Post Map for Google Maps CVE
MEDIUM 6.5 CVE-2026-13333

Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Paramet...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE
MEDIUM 6.5 CVE-2026-13331

Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter ...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE
MEDIUM 4.4 CVE-2026-11356

Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_c...

vinod-dalvi Ivory Search – WordPress Search Plugin CVE