MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.1	CVE-2026-9280	Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode_CVE-2026-9280 The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode i...	spacetime	Ad Inserter – Ad Manager & AdSense Ads	Jun 6, 2026	CVE
MEDIUM 4.9	CVE-2026-9197	Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export_CVE-2026-9197 The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImag...	nextendweb	Smart Slider 3	Jun 6, 2026	CVE
MEDIUM 4.4	CVE-2026-8991	Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings_CVE-2026-8991 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' ...	glenwpcoder	Drag and Drop Multiple File Upload for Contact Form 7	Jun 6, 2026	CVE
MEDIUM 4.9	CVE-2026-8978	OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter_CVE-2026-8978 The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' pa...	crafium	OptinCraft – Drag & Drop Optins & Popup Builder for WordPress	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-8502	LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters_CVE-2026-8502 The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in al...	thimpress	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	Jun 6, 2026	CVE
MEDIUM 6.4	CVE-2026-7796	EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute_CVE-2026-7796 The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cros...	wpdevteam	EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more	Jun 6, 2026	CVE
MEDIUM 6.4	CVE-2026-7795	Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter_CVE-2026-7795 The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all ver...	holithemes	Click to Chat – HoliThemes	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-7792	WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint_CVE-2026-7792 The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Ve...	smub	WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-7665	Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler_CVE-2026-7665 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versio...	wpdevteam	Essential Addons for Elementor – Popular Elementor Templates & Widgets	Jun 6, 2026	CVE
MEDIUM 6.6	CVE-2026-7566	LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload_CVE-2026-7566 The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via...	thimpress	LearnPress – Backup & Migration Tool	Jun 6, 2026	CVE