HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-34902	WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-34902 Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite	WC Product Table	WooCommerce Product Table Lite n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-34900	WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-34900 Unauthenticated Cross Site Scripting (XSS) in GiveWP	Liquid Web / StellarWP	GiveWP n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-34898	WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability_CVE-2026-34898 Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce	WP Swings	Event Tickets Manager for WooCommerce n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-34891	WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability_CVE-2026-34891 Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce	IDPay	IDPay Payment Gateway for Woocommerce n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-34886	WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability_CVE-2026-34886 Unauthenticated Broken Access Control in Simple Membership	wp.insider	Simple Membership n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-27407	WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability_CVE-2026-27407 Editor Privilege Escalation in AI Engine	Meow Apps	AI Engine n/a	Jun 15, 2026	CVE
HIGH 8.1	CVE-2026-27333	WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability_CVE-2026-27333 Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site	VideoWhisper.com	Paid Videochat Turnkey Site n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-27089	WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability_CVE-2026-27089 Unauthenticated Bypass Vulnerability in WpTravelly	Magepeople inc.	WpTravelly n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-25425	WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability_CVE-2026-25425 Unauthenticated Broken Access Control in User Registration	ThemeGrill	User Registration n/a	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-24637	WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability_CVE-2026-24637 Contributor SQL Injection in PowerPress Podcasting	Blubrry Podcasting	PowerPress Podcasting n/a	Jun 15, 2026	CVE