MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-8383	LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API_CVE-2026-8383 The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allo...	Unknown	LearnPress	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-7850	WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute_CVE-2026-7850 The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displ...	Unknown	WP Magnific Popup	Jun 17, 2026	CVE
MEDIUM 4.9	CVE-2026-41280	Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects_CVE-2026-41280 Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue aff...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
MEDIUM 6.8	CVE-2026-54196	WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability_CVE-2026-54196 Subscriber Privilege Escalation in JetFormBuilder	Jetmonsters	JetFormBuilder n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-49072	WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability_CVE-2026-49072 Unauthenticated Broken Access Control in WooCommerce Anti-Fraud	OPMC	WooCommerce Anti-Fraud n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-49071	WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability_CVE-2026-49071 Unauthenticated Broken Authentication in WooCommerce Dropshipping	OPMC	WooCommerce Dropshipping n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-45436	WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability_CVE-2026-45436 Subscriber Broken Access Control in WPBakery Page Builder	Rain-Task Ltd.	WPBakery Page Builder n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-40724	WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability_CVE-2026-40724 CP Client Arbitrary File Download in Client Portal (Pro)	Client Portal Ltd.	Client Portal (Pro) n/a	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2026-40723	WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability_CVE-2026-40723 Subscriber Broken Access Control in Bricks Builder	Bricks	Bricks Builder n/a	Jun 17, 2026	CVE
MEDIUM 4.7	CVE-2026-39595	WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability_CVE-2026-39595 Author Broken Access Control in W3 Total Cache	BoldGrid	W3 Total Cache n/a	Jun 17, 2026	CVE