Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.5 | CVE-2026-39534 | WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in WP Directory Kit | Wp Directory Kit | WP Directory Kit | n/a | CVE |
| HIGH 7.5 | CVE-2026-39533 | WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in AWP Classifieds | WPTasty | AWP Classifieds | n/a | CVE |
| HIGH 8.8 | CVE-2026-39532 | WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability; Contributor PHP Object Injection in Events Calendar for GeoDirectory | Stiofan | Events Calendar for GeoDirectory | 2.3.25 | CVE |
| HIGH 7.5 | CVE-2026-39524 | WordPress Masteriyo – LMS plugin <= 2.1.5 - Payment Bypass vulnerability; Unauthenticated Broken Access Control in Masteriyo - LMS | ThemeGrill | Masteriyo - LMS | n/a | CVE |
| HIGH 7.1 | CVE-2026-39518 | WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability; Subscriber Insecure Direct Object References (IDOR) in EventPrime | EventPrime | EventPrime | n/a | CVE |
| HIGH 7.1 | CVE-2026-39514 | WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions | Cozmoslabs | Paid Member Subscriptions | n/a | CVE |
| HIGH 7.5 | CVE-2026-39513 | WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in Easy Appointments | Easy Appointments | Easy Appointments | n/a | CVE |
| HIGH 7.1 | CVE-2026-39507 | WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed | Themeisle | Social Slider Feed | n/a | CVE |
| HIGH 7.5 | CVE-2026-39503 | WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in Easy Digital Downloads | Awesomemotive | Easy Digital Downloads | n/a | CVE |
| HIGH 7.2 | CVE-2026-39499 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability; Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce | Wombat Plugins | Advanced Product Fields (Product Addons) for WooCommerce | n/a | CVE |