MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.4	CVE-2026-39527	WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability_CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.	sc Internet Vivoo	WpStream n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39525	WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability_CVE-2026-39525 Unauthenticated Broken Access Control in Booking Activities	Booking Activities Team	Booking Activities n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39515	WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability_CVE-2026-39515 Subscriber Broken Access Control in Motors < 1.4.107 versions.	StylemixThemes	Motors n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39491	WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39491 Subscriber Cross Site Scripting (XSS) in JupiterX Core	artbees	JupiterX Core n/a	Jun 15, 2026	CVE
MEDIUM 4.4	CVE-2026-39489	WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability_CVE-2026-39489 Author Arbitrary File Download in Download Monitor	WP Chill	Download Monitor n/a	Jun 15, 2026	CVE
MEDIUM 6.8	CVE-2026-39468	WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability_CVE-2026-39468 Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework	eLightUp	Meta Box – WordPress Custom Fields Framework n/a	Jun 15, 2026	CVE
MEDIUM 6.3	CVE-2026-39451	WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39451 Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider	jgwhite33	WP Google Review Slider n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-34892	WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability_CVE-2026-34892 Subscriber Broken Access Control in Rank Math SEO	Rank Math SEO	Rank Math SEO n/a	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-25440	WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability_CVE-2026-25440 Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.	WPDeveloper	Essential Addons for Elementor n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2025-69332	WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability_CVE-2025-69332 Subscriber Broken Access Control in Bookify	myCred	Bookify n/a	Jun 15, 2026	CVE