HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-39471	WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability_CVE-2026-39471 Author PHP Object Injection in ShortPixel Image Optimizer	ShortPixel	ShortPixel Image Optimizer n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39470	WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability_CVE-2026-39470 Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.	Brainstorm Force	WooCommerce Cart Abandonment Recovery n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39463	WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39463 Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker	ManageWP	ManageWP Worker n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39450	WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability_CVE-2026-39450 Subscriber Broken Authentication in FunnelKit Automations	Aman	FunnelKit Automations n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39449	WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39449 Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API	IT Path Solutions	Contact Form to Any API n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39447	WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39447 Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments	NSquared	Simply Schedule Appointments n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39435	WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39435 Unauthenticated Cross Site Scripting (XSS) in CformsII	bgermann	CformsII n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39434	WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability_CVE-2026-39434 Shop manager PHP Object Injection in CTX Feed	WebAppick	CTX Feed n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-34902	WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-34902 Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite	WC Product Table	WooCommerce Product Table Lite n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-34900	WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-34900 Unauthenticated Cross Site Scripting (XSS) in GiveWP	Liquid Web / StellarWP	GiveWP n/a	Jun 15, 2026	CVE