MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-40793	WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability_CVE-2026-40793 Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.	Groundhogg	Groundhogg n/a	Jun 15, 2026	CVE
MEDIUM 6.3	CVE-2026-40792	WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-40792 Subscriber Insecure Direct Object References (IDOR) in KiviCare	Iqonic Design	KiviCare n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-40790	WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability_CVE-2026-40790 Subscriber Sensitive Data Exposure in WP SMS	VeronaLabs	WP SMS n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-40782	WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability_CVE-2026-40782 Unauthenticated Broken Access Control in WPAdverts	Greg Winiarski	WPAdverts n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-40773	WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability_CVE-2026-40773 Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress	rtCamp Inc.	rtMedia for WordPress, BuddyPress and bbPress n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-40743	WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability_CVE-2026-40743 Unauthenticated Broken Access Control in Tutor LMS	Themeum	Tutor LMS n/a	Jun 15, 2026	CVE
MEDIUM 6.4	CVE-2026-39594	WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability_CVE-2026-39594 Subscriber Broken Access Control in Ultra Addons for WPForms	Themefic	Ultra Addons for WPForms n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39584	WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability_CVE-2026-39584 Subscriber Broken Access Control in RepairBuddy	Webful Creations	RepairBuddy n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39540	WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce	Amit Mittal	Shipment Tracker for Woocommerce n/a	Jun 15, 2026	CVE
MEDIUM 5.4	CVE-2026-39527	WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability_CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.	sc Internet Vivoo	WpStream n/a	Jun 15, 2026	CVE