HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-40762	WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability_CVE-2026-40762 Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.	WPGraphQL	WPGraphQL n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40741	WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability_CVE-2026-40741 Unauthenticated Broken Access Control in Redsys for WooCommerce Light	Jose Conti	Redsys for WooCommerce Light n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-40732	WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40732 Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram	rainafarai	Notification for Telegram n/a	Jun 15, 2026	CVE
HIGH 7.7	CVE-2026-40727	WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability_CVE-2026-40727 Sales Representative Arbitrary File Deletion in Groundhogg	Groundhogg	Groundhogg n/a	Jun 15, 2026	CVE
HIGH 8.1	CVE-2026-39587	WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability_CVE-2026-39587 Unauthenticated Privilege Escalation in WP BASE Booking	Hakan Ozevin	WP BASE Booking n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39579	WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability_CVE-2026-39579 Contributor Privilege Escalation in B Blocks	bPlugins	B Blocks n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39534	WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability_CVE-2026-39534 Unauthenticated Broken Access Control in WP Directory Kit	Wp Directory Kit	WP Directory Kit n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39533	WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability_CVE-2026-39533 Unauthenticated Broken Access Control in AWP Classifieds	WPTasty	AWP Classifieds n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39532	WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability_CVE-2026-39532 Contributor PHP Object Injection in Events Calendar for GeoDirectory	Stiofan	Events Calendar for GeoDirectory 2.3.25	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39524	WordPress Masteriyo – LMS plugin <= 2.1.5 - Payment Bypass vulnerability_CVE-2026-39524 Unauthenticated Broken Access Control in Masteriyo - LMS	ThemeGrill	Masteriyo - LMS n/a	Jun 15, 2026	CVE