HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-40769	WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability_CVE-2026-40769 Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field	Satinder Singh	Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40767	WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability_CVE-2026-40767 Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.	Tomdever	wpForo Forum n/a	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-40766	WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability_CVE-2026-40766 Subscriber SQL Injection in MasterStudy LMS	StylemixThemes	MasterStudy LMS n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40762	WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability_CVE-2026-40762 Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.	WPGraphQL	WPGraphQL n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40741	WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability_CVE-2026-40741 Unauthenticated Broken Access Control in Redsys for WooCommerce Light	Jose Conti	Redsys for WooCommerce Light n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-40732	WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40732 Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram	rainafarai	Notification for Telegram n/a	Jun 15, 2026	CVE
HIGH 7.7	CVE-2026-40727	WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability_CVE-2026-40727 Sales Representative Arbitrary File Deletion in Groundhogg	Groundhogg	Groundhogg n/a	Jun 15, 2026	CVE
HIGH 8.1	CVE-2026-39587	WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability_CVE-2026-39587 Unauthenticated Privilege Escalation in WP BASE Booking	Hakan Ozevin	WP BASE Booking n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39579	WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability_CVE-2026-39579 Contributor Privilege Escalation in B Blocks	bPlugins	B Blocks n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39534	WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability_CVE-2026-39534 Unauthenticated Broken Access Control in WP Directory Kit	Wp Directory Kit	WP Directory Kit n/a	Jun 15, 2026	CVE