HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-40785	WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability_CVE-2026-40785 Subscriber Broken Authentication in AutomatorWP	Ruben Garcia	AutomatorWP n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40781	WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability_CVE-2026-40781 Unauthenticated Broken Authentication in ReviewX	ReviewX	ReviewX n/a	Jun 15, 2026	CVE
HIGH 7.7	CVE-2026-40779	WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability_CVE-2026-40779 Contributor Arbitrary File Deletion in Link Library	Yannick Lefebvre	Link Library n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40776	WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability_CVE-2026-40776 Unauthenticated Broken Access Control in WP Event SOlution	Arraytics	WP Event SOlution n/a	Jun 15, 2026	CVE
HIGH 7.3	CVE-2026-40775	WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability_CVE-2026-40775 Unauthenticated Broken Access Control in Royal MCP	Royal Plugins	Royal MCP n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40774	WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability_CVE-2026-40774 Unauthenticated Broken Access Control in Booking Package	SaasProject	Booking Package n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-40770	WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40770 Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates	RelyWP	Coupon Affiliates n/a	Jun 15, 2026	CVE
HIGH 8.6	CVE-2026-40769	WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability_CVE-2026-40769 Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field	Satinder Singh	Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40767	WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability_CVE-2026-40767 Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.	Tomdever	wpForo Forum n/a	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-40766	WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability_CVE-2026-40766 Subscriber SQL Injection in MasterStudy LMS	StylemixThemes	MasterStudy LMS n/a	Jun 15, 2026	CVE