HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-52711	WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability_CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS	kilbot	WooCommerce POS n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-39581	WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability_CVE-2026-39581 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic	activity-log.com	WP Sessions Time Monitoring Full Automatic n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-39490	WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability_CVE-2026-39490 Unauthenticated Broken Access Control in JupiterX Core	artbees	JupiterX Core n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-39437	WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce	WPFactory	Min Max Step Quantity Limits Manager for WooCommerce n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-10825	Improper JSON Input Validation in WebSocket API Leads to Denial of Service_CVE-2026-10825 A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged ...	Moxa	NPort 6000-G2 Series 1.0	Jun 16, 2026	CVE
HIGH 7.5	CVE-2025-68045	WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability_CVE-2025-68045 Unauthenticated Broken Access Control in WP Event SOlution	Arraytics	WP Event SOlution n/a	Jun 16, 2026	CVE
HIGH 8.5	B1BB8CF9-0BFD-	Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin_B1BB8CF9-0BFD-571E-8152-2D53A8245793 CVE-2026-54420 Mitigation Toolkit Defensive remediation, auditing, and verification toolkit for CVE-2026-54420 affecting LiteSpeed cPanel Plugin in...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-8444	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter_CVE-2026-8444 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action ...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
HIGH 8.7	30AECF2C-E55B-	Exploit for CVE-2026-20262_30AECF2C-E55B-530A-B3C5-DC776BD957D4 cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
HIGH 8.7	EB7819E4-5D08-	Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin_EB7819E4-5D08-5B2B-B382-7EDE03F6667E cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT