HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-54189	WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54189 Unauthenticated Cross Site Scripting (XSS) in JetEngine	Jetimpex Inc.	JetEngine n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-54188	WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54188 Unauthenticated Cross Site Scripting (XSS) in JetEngine	Jetimpex Inc.	JetEngine n/a	Jun 17, 2026	CVE
HIGH 8.5	CVE-2026-54185	WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability_CVE-2026-54185 Subscriber SQL Injection in Cornerstone < 7.8.8 versions.	THEMECO	Cornerstone n/a	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-54184	WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-54184 Unauthenticated Insecure Direct Object References (IDOR) in Clean Login	Alberto Hornero	Clean Login n/a	Jun 17, 2026	CVE
HIGH 7.4	CVE-2026-52698	WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability_CVE-2026-52698 Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget	Syed Balkhi	PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget n/a	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-52696	WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability_CVE-2026-52696 Unauthenticated Sensitive Data Exposure in JetBlog	Jetimpex Inc.	JetBlog n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-49778	WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49778 Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro	WPFunnels	WPFunnels Pro n/a	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-49081	WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability_CVE-2026-49081 Unauthenticated Broken Access Control in User Registration Stripe	ThemeGrill	User Registration Stripe n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-49074	WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49074 Unauthenticated Cross Site Scripting (XSS) in JetEngine	Jetimpex Inc.	JetEngine n/a	Jun 17, 2026	CVE
HIGH 8.5	CVE-2026-48967	WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability_CVE-2026-48967 Subscriber SQL Injection in Geo Mashup	Dylan Kuhn	Geo Mashup n/a	Jun 17, 2026	CVE