Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2025-69106	WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability_CVE-2025-69106 Unauthenticated Local File Inclusion in Imba	ThemeREX	Imba n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2025-68524	WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68524 Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.	ThemeGoods	Avante n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-60236	WordPress Creatify theme <= 1.5 - PHP Object Injection vulnerability_CVE-2025-60236 Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.	EMV	Creatify n/a	Jun 17, 2026	CVE
NONE	HACKREAD:A8E935...	Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It_HACKREAD:A8E935692FBF5A67FFF8EC2F1D7C5FCD London, United Kingdom, 17th June 2026, CyberNewswire	N/A	N/A	Jun 17, 2026	HACKREAD
NONE	HACKREAD:600F85...	152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Fake Search Clicks_HACKREAD:600F85CFBFEFEDE3A0C9B930E7B5C6C1 Socket says the extensions worked as wallpaper tools, but also logged user data, disguised install traffic as Google clicks, and fed ad sites.	N/A	N/A	Jun 17, 2026	HACKREAD
CRITICAL 9.8	CVE-2025-60230	WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability_CVE-2025-60230 Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a ...	Themeton	The Barber Shop n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-60229	WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability_CVE-2025-60229 Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.	Themeton	Lagom n/a	Jun 17, 2026	CVE
NONE	HACKREAD:78C492...	SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies_HACKREAD:78C49212E305A48D75814971066D3684 Austin, TX, USA, 17th June 2026, CyberNewswire	N/A	N/A	Jun 17, 2026	HACKREAD
CRITICAL 9.3	CVE-2025-59554	WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability_CVE-2025-59554 Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.	Advanced Ads GmbH	Advanced Ads – Tracking n/a	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2025-15657	WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2025-15657 Unauthenticated Insecure Direct Object References (IDOR) in School Management	Mojoomla	School Management n/a	Jun 17, 2026	CVE