MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-4328	Advanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' Parameter_CVE-2026-4328 The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to t...	addonspress	Advanced Import	Jun 19, 2026	CVE
MEDIUM 6.4	CVE-2026-1856	Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label_CVE-2026-1856 The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions ...	creavi	Creavi Appointment Booking Calendar	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12644	CVE-2026-12644_CVE-2026-12644 Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype me...	n/a	ts-deepmerge	Jun 19, 2026	CVE
MEDIUM 4.4	CVE-2026-12430	Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter_CVE-2026-12430 The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2....	creativethemeshq	Blocksy Companion	Jun 19, 2026	CVE
MEDIUM 6.4	CVE-2026-12157	BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute_CVE-2026-12157 The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...	wpdevteam	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-11989	Bit integrations <= 2.8.7 - Unauthenticated Server-Side Request Forgery via Form Field Upload Mapping_CVE-2026-11989 The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Reque...	bitpressadmin	Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation	Jun 19, 2026	CVE
MEDIUM 5.9	CVE-2026-11752	CVE-2026-11752_CVE-2026-11752 A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-pla...	LY Corporation	Armeria 1.38.0	Jun 19, 2026	CVE
MEDIUM 5.1	CVE-2026-10720	MicroCeph path traversal issue in the remote-import API_CVE-2026-10720 Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trus...	Canonical	Microceph 19.2.1+snap74c0060321	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-10034	WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)_CVE-2026-10034 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to t...	legalweb	WP DSGVO Tools (GDPR)	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-6798	2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter_CVE-2026-6798 The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1...	2download	2Download Connector for 2DL Hosted Checkout	Jun 19, 2026	CVE