HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-39498	WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability_CVE-2026-39498 Shop manager PHP Object Injection in YayMail	Yeeaddons	YayMail n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39481	WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability_CVE-2026-39481 Author PHP Object Injection in Modula Image Gallery	WP Chill	Modula Image Gallery n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39480	WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability_CVE-2026-39480 Unauthenticated Sensitive Data Exposure in Backup Migration	Inisev	Backup Migration n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39478	WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability_CVE-2026-39478 Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall	Eli Scheetz	Anti-Malware Security and Brute-Force Firewall n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39474	WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability_CVE-2026-39474 Contributor PHP Object Injection in Post Duplicator	metaphorcreations	Post Duplicator n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39472	WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability_CVE-2026-39472 Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.	WP Overnight	WooCommerce PDF Invoices & Packing Slips n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39471	WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability_CVE-2026-39471 Author PHP Object Injection in ShortPixel Image Optimizer	ShortPixel	ShortPixel Image Optimizer n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-39470	WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability_CVE-2026-39470 Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.	Brainstorm Force	WooCommerce Cart Abandonment Recovery n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39463	WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39463 Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker	ManageWP	ManageWP Worker n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-39450	WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability_CVE-2026-39450 Subscriber Broken Authentication in FunnelKit Automations	Aman	FunnelKit Automations n/a	Jun 15, 2026	CVE