CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-39502	WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability_CVE-2026-39502 Unauthenticated SQL Injection in Form Maker by 10Web	10Web	Form Maker by 10Web 1.15.38	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39499	WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability_CVE-2026-39499 Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce	Wombat Plugins	Advanced Product Fields (Product Addons) for WooCommerce n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39498	WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability_CVE-2026-39498 Shop manager PHP Object Injection in YayMail	Yeeaddons	YayMail n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39493	WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability_CVE-2026-39493 Unauthenticated SQL Injection in Simply Schedule Appointments	NSquared	Simply Schedule Appointments n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39492	WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability_CVE-2026-39492 Unauthenticated SQL Injection in WP Maps	Flipper Code – WordPress Development Company	WP Maps n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39491	WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39491 Subscriber Cross Site Scripting (XSS) in JupiterX Core	artbees	JupiterX Core n/a	Jun 15, 2026	CVE
MEDIUM 4.4	CVE-2026-39489	WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability_CVE-2026-39489 Author Arbitrary File Download in Download Monitor	WP Chill	Download Monitor n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39481	WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability_CVE-2026-39481 Author PHP Object Injection in Modula Image Gallery	WP Chill	Modula Image Gallery n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39480	WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability_CVE-2026-39480 Unauthenticated Sensitive Data Exposure in Backup Migration	Inisev	Backup Migration n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39478	WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability_CVE-2026-39478 Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall	Eli Scheetz	Anti-Malware Security and Brute-Force Firewall n/a	Jun 15, 2026	CVE