HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-49074	WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49074 Unauthenticated Cross Site Scripting (XSS) in JetEngine	Jetimpex Inc.	JetEngine n/a	Jun 17, 2026	CVE
HIGH 8.5	CVE-2026-48967	WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability_CVE-2026-48967 Subscriber SQL Injection in Geo Mashup	Dylan Kuhn	Geo Mashup n/a	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-42629	WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability_CVE-2026-42629 Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.	Powerpackelements	PowerPack Pro for Elementor n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-42385	WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42385 Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro	Cozmoslabs	Profile Builder Pro n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-41557	WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-41557 Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.	PressLayouts	Kapee n/a	Jun 17, 2026	CVE
HIGH 7.3	CVE-2026-40768	WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-40768 Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system	Dimitri Grassi	Salon booking system n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-40765	WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40765 Unauthenticated Cross Site Scripting (XSS) in collectchat	collectchat	collectchat n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-40753	WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability_CVE-2026-40753 Unauthenticated PHP Object Injection in EasyMeals	Mikado-Themes	EasyMeals n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-40735	WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability_CVE-2026-40735 Unauthenticated PHP Object Injection in Reina	Edge-Themes	Reina n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-40731	WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability_CVE-2026-40731 Unauthenticated Local File Inclusion in ChapterOne	Mikado-Themes	ChapterOne n/a	Jun 17, 2026	CVE