Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-34460

NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state paramete...

NamelessMC Nameless < 2.2.5 CVE
MEDIUM 4.3 H1:3775183

PortSwigger Web Security: Incomplete fix for CVE-2022-35406: meta-redirect content-type check bypassable via parameter injection

The fix for CVE-2022-35406 (#1541301) stops Burp from following a redirect when the response Content-Type/Content-Disposition would prevent HTML r...

N/A N/A HACKERONE
MEDIUM 6.5 CVE-2026-8993

Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom...

Ditec a.s. D.Launcher 2 CVE
MEDIUM 4.3 CVE-2026-9730

Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This ...

jamesmuga Remove NoFollow Commenter URL CVE
MEDIUM 4.3 CVE-2026-9723

Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is du...

ddd2500 Google Plus One Bottom CVE
MEDIUM 4.3 CVE-2026-9722

Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing...

pcis Laiser Tag CVE
MEDIUM 4.3 CVE-2026-9599

Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missin...

russellr Tectite Forms CVE
MEDIUM 4.3 CVE-2026-9234

JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due ...

ntbyk JTL-Connector for WooCommerce CVE
MEDIUM 6.4 CVE-2026-8885

DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versio...

marcqueralt DeMomentSomTres Shortcodes CVE
MEDIUM 4.3 CVE-2026-8422

Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. Th...

mr_mat Remove meta boxes per user role CVE