HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-49073	WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability_CVE-2026-49073 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL In...	wpWax	Directorist Booking n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-49057	WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability_CVE-2026-49057 Unauthenticated Broken Access Control in JobSearch	EyeCix Technologies	JobSearch n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-48869	WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-48869 Unauthenticated Cross Site Scripting (XSS) in Enfold	Kriesi	Enfold n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-48779	ws: Memory exhaustion DoS from tiny fragments and data chunks_CVE-2026-48779 ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from...	websockets	ws >= 1.1.0, < 5.2.5	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40761	WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability_CVE-2026-40761 Unauthenticated PHP Object Injection in Valeska	Edge-Themes	Valeska n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40760	WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability_CVE-2026-40760 Unauthenticated PHP Object Injection in Behold	Edge-Themes	Behold n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40759	WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability_CVE-2026-40759 Unauthenticated PHP Object Injection in Esmée	Mikado-Themes	Esmée n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40758	WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability_CVE-2026-40758 Unauthenticated PHP Object Injection in Léonie	Elated-Themes	Léonie n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40755	WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability_CVE-2026-40755 Unauthenticated PHP Object Injection in TechLink	Mikado-Themes	TechLink n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40754	WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability_CVE-2026-40754 Unauthenticated PHP Object Injection in Roisin	Elated-Themes	Roisin n/a	Jun 16, 2026	CVE