HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2025-54689	WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability_CVE-2025-54689 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Lo...	thembay	Urna n/a	Aug 14, 2025	CVE
HIGH 7.5	CVE-2025-54679	WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability_CVE-2025-54679 Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security...	vertim	Neon Channel Product Customizer Free n/a	Aug 14, 2025	CVE
HIGH 8.5	CVE-2025-52823	WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability_CVE-2025-52823 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection....	ovatheme	Cube Portfolio n/a	Aug 14, 2025	CVE
HIGH 8.5	CVE-2025-52820	WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability_CVE-2025-52820 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS...	infosoftplugin	WooCommerce Point Of Sale (POS) n/a	Aug 14, 2025	CVE
HIGH 7.5	CVE-2025-52806	WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability_CVE-2025-52806 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PH...	eyecix	JobSearch n/a	Aug 14, 2025	CVE
HIGH 7.3	CVE-2025-52801	WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability_CVE-2025-52801 Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects T...	VonStroheim	TheBooking n/a	Aug 14, 2025	CVE
HIGH 7.3	CVE-2025-52800	WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability_CVE-2025-52800 Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained...	Unity Business Technology Pty Ltd	The E-Commerce ERP n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-52788	WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-52788 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected ...	Russell Jamieson	CaptionPix n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-52785	WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability_CVE-2025-52785 Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec...	softnwords	SMM API n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-52775	WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability_CVE-2025-52775 Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security L...	Ronik@UnlimitedWP	Project Cost Calculator n/a	Aug 14, 2025	CVE