tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-42656	WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42656 Subscriber Cross Site Scripting (XSS) in Contest Gallery	Wasiliy Strecker	Contest Gallery n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-42655	WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability_CVE-2026-42655 Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP	WPManageNinja	Best Payments Plugin for WP n/a	Jun 15, 2026	CVE
MEDIUM 6.3	CVE-2026-42651	WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability_CVE-2026-42651 Subscriber Broken Access Control in Classified Listing	Mamunur Rashid	Classified Listing n/a	Jun 15, 2026	CVE
HIGH 7.2	CVE-2026-42650	WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42650 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP	Ruben Garcia	AutomatorWP n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-42649	WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42649 Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator	Archetyped	Favicon Rotator n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42640	WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability_CVE-2026-42640 Unauthenticated Broken Access Control in Classified Listing	Mamunur Rashid	Classified Listing n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-42639	WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability_CVE-2026-42639 Unauthenticated SQL Injection in GD Rating System	Dev4Press	GD Rating System n/a	Jun 15, 2026	CVE
HIGH 8.1	CVE-2026-42411	WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability_CVE-2026-42411 Unauthenticated Broken Authentication in CloudSecure WP Security	XServer	CloudSecure WP Security n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-42386	WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability_CVE-2026-42386 Unauthenticated SQL Injection in Order Delivery Date for WooCommerce	tychesoftwares	Order Delivery Date for WooCommerce n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-42384	WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability_CVE-2026-42384 Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.	NSquared	Simply Schedule Appointments n/a	Jun 15, 2026	CVE