CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-49775	WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability_CVE-2026-49775 Unauthenticated Broken Access Control in Welcart e-Commerce	info@welcart	Welcart e-Commerce n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-49773	WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.	FolioVision	FV Flowplayer Video Player n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49770	WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability_CVE-2026-49770 Unauthenticated PHP Object Injection in WP Travel Engine	WP Travel Engine	WP Travel Engine n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49769	WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability_CVE-2026-49769 Unauthenticated PHP Object Injection in wpForo Forum	Tomdever	wpForo Forum n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49768	WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability_CVE-2026-49768 Unauthenticated PHP Object Injection in Happyforms	The WP Folks	Happyforms n/a	Jun 15, 2026	CVE
CRITICAL 9.9	CVE-2026-49766	WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability_CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager	WP User Manager	WP User Manager n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49765	WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability_CVE-2026-49765 Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms	CRM Perks	Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49764	WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability_CVE-2026-49764 Unauthenticated Broken Authentication in RegistrationMagic	Metagauss	RegistrationMagic n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49763	WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability_CVE-2026-49763 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot	CRM Perks	Integration for Contact Form 7 HubSpot n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-49112	WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability_CVE-2026-49112 Unauthenticated Path Traversal in Shared Files	Tammersoft	Shared Files n/a	Jun 15, 2026	CVE