MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-57665	WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57665 Unauthenticated Insecure Direct Object References (IDOR) in GravityView	GravityKit	GravityView n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57664	WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability_CVE-2026-57664 Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder	VillaTheme	Bopo – WooCommerce Product Bundle Builder n/a	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-57661	WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability_CVE-2026-57661 Subscriber Broken Access Control in WPComplete	Nexcess	WPComplete n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57660	WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability_CVE-2026-57660 Unauthenticated Broken Access Control in Booking and Rental Manager	magepeopleteam	Booking and Rental Manager n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57657	WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57657 Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP	Noor Alam	Gmail SMTP n/a	Jun 26, 2026	CVE
MEDIUM 5.9	CVE-2026-57656	WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57656 Author Cross Site Scripting (XSS) in Hester Core	peregrinethemes	Hester Core n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57654	WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability_CVE-2026-57654 Affiliate Broken Access Control in Affiliates Manager	wp.insider	Affiliates Manager n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57652	WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57652 Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk	JoomSky	JS Help Desk n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57651	WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57651 Contributor Cross Site Scripting (XSS) in Ghost Kit	nK	Ghost Kit n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57650	WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57650 Contributor Cross Site Scripting (XSS) in Magazine Blocks	BlockArt	Magazine Blocks n/a	Jun 26, 2026	CVE