CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-39540	WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce	Amit Mittal	Shipment Tracker for Woocommerce n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39534	WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability_CVE-2026-39534 Unauthenticated Broken Access Control in WP Directory Kit	Wp Directory Kit	WP Directory Kit n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39533	WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability_CVE-2026-39533 Unauthenticated Broken Access Control in AWP Classifieds	WPTasty	AWP Classifieds n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39532	WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability_CVE-2026-39532 Contributor PHP Object Injection in Events Calendar for GeoDirectory	Stiofan	Events Calendar for GeoDirectory 2.3.25	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39530	WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability_CVE-2026-39530 Unauthenticated SQL Injection in SpeakOut! Email Petitions	SpeakOut!	SpeakOut! Email Petitions n/a	Jun 15, 2026	CVE
MEDIUM 5.4	CVE-2026-39527	WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability_CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.	sc Internet Vivoo	WpStream n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39525	WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability_CVE-2026-39525 Unauthenticated Broken Access Control in Booking Activities	Booking Activities Team	Booking Activities n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39524	WordPress Masteriyo – LMS plugin <= 2.1.5 - Payment Bypass vulnerability_CVE-2026-39524 Unauthenticated Broken Access Control in Masteriyo - LMS	ThemeGrill	Masteriyo - LMS n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39519	WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability_CVE-2026-39519 Unauthenticated SQL Injection in GeekyBot	Ahmad	GeekyBot n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39518	WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-39518 Subscriber Insecure Direct Object References (IDOR) in EventPrime	EventPrime	EventPrime n/a	Jun 15, 2026	CVE