HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-8442	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter_CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missi...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-8176	LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset_CVE-2026-8176 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...	latepoint	LatePoint – Calendar Booking Plugin for Appointments and Events	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-5416	Command Injection via name parameter_CVE-2026-5416 Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vu...	TURCK	TBEN-LL-SE-M2 0.0.0	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-54198	WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant	David Lingren	Media LIbrary Assistant n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-54191	WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods	Pods Framework	Pods n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52714	WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability_CVE-2026-52714 Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO	SEO Squirrly	SEO Plugin by Squirrly SEO n/a	Jun 16, 2026	CVE
HIGH 7.6	CVE-2026-52712	WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability_CVE-2026-52712 Subscriber SQL Injection in Attendance Manager	tnomi	Attendance Manager n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52711	WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability_CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS	kilbot	WooCommerce POS n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-39581	WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability_CVE-2026-39581 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic	activity-log.com	WP Sessions Time Monitoring Full Automatic n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-39490	WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability_CVE-2026-39490 Unauthenticated Broken Access Control in JupiterX Core	artbees	JupiterX Core n/a	Jun 16, 2026	CVE