HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	C5560A1B-5696-	Exploit for CVE-2026-8461_C5560A1B-5696-5AA7-9658-FAC21FF2EC4F cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.2	CVE-2026-9643	WP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 Logging_CVE-2026-9643 The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versio...	joomunited	WP Meta SEO	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-9179	WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter_CVE-2026-9179 The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint ...	hancock11	WP Forms Connector	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-9178	WP Forms Connector <= 1.8 - Missing Authorization to Unauthenticated Information Exposure via 'user/list' REST Endpoint_CVE-2026-9178 The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers t...	hancock11	WP Forms Connector	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-8705	ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection_CVE-2026-8705 The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJ...	clearsale	ClearSale Total <= 3.4.2	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-4297	Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method_CVE-2026-4297 The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is ...	newscred	Welcome Software Publishing 0.0.31	Jun 24, 2026	CVE
HIGH 7	CVE-2026-13006	Incomplete protection against CVE-2025-11226_CVE-2026-13006 ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, all...	QOS.CH Sarl	Logback-core 0.9.20	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12100	URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter_CVE-2026-12100 The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter...	abhisheksaha11	URL Preview	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12095	Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter_CVE-2026-12095 The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' param...	bytuncay	Kargo Takip	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10092	Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all...	nicashmu	Cincopa video and media plug-in	Jun 24, 2026	CVE