Recent Advisories

Severity: HIGH 7.1
ID: CVE-2025-46500
Title: WordPress WordPress Auto Spinner plugin <= 3.25.0 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-46500
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner allows Refl...
Vendor: ValvePress
Product: Wordpress Auto Spinner
Date: n/a
Type: CVE

Severity: HIGH 8.5
ID: CVE-2025-32574
Title: WordPress WPGYM plugin <= 65.0 - SQL Injection vulnerability_CVE-2025-32574
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This iss...
Vendor: mojoomla
Product: WPGYM
Date: n/a
Type: CVE

Severity: HIGH 7.1
ID: CVE-2025-31427
Title: WordPress Invico – WordPress Consulting Business Theme <= 1.9 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-31427
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Bu...
Vendor: designthemes
Product: Invico - WordPress Consulting Business Theme
Date: n/a
Type: CVE

Severity: HIGH 8.8
ID: CVE-2025-31422
Title: WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability_CVE-2025-31422
Description: Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme allows Object Injection. This issue affects Vi...
Vendor: designthemes
Product: Visual Art | Gallery WordPress Theme
Date: n/a
Type: CVE

Severity: HIGH 7.1
ID: CVE-2025-31072
Title: WordPress Ofiz – Business Consulting Theme plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-31072
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consul...
Vendor: designthemes
Product: Ofiz - WordPress Business Consulting Theme
Date: n/a
Type: CVE

Severity: HIGH 7.5
ID: CVE-2025-31070
Title: WordPress HTML5 Radio Player – WPBakery Page Builder Addon plugin <= 2.5 - Arbitrary File Download vulnerability_CVE-2025-31070
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Bui...
Vendor: LambertGroup
Product: HTML5 Radio Player - WPBakery Page Builder Addon
Date: n/a
Type: CVE

Severity: HIGH 7.1
ID: CVE-2025-31055
Title: WordPress Electrician – Electrical Service WordPress theme <= 1.0 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-31055
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service W...
Vendor: vergatheme
Product: Electrician - Electrical Service WordPress
Date: n/a
Type: CVE

Severity: HIGH 7.1
ID: CVE-2025-30955
Title: WordPress ListingEasy theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-30955
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. T...
Vendor: GT3themes
Product: ListingEasy
Date: n/a
Type: CVE

Severity: HIGH 7.5
ID: CVE-2025-29000
Title: WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability_CVE-2025-29000
Description: Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrain...
Vendor: August Infotech
Product: Multi-language Responsive Contact Form
Date: n/a
Type: CVE

Severity: HIGH 8.6
ID: CVE-2025-28965
Title: WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability_CVE-2025-28965
Description: Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issu...
Vendor: Md Yeasin Ul Haider
Product: URL Shortener
Date: n/a
Type: CVE