Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.9 CVE-2026-56131

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a ...

libexpat project libexpat CVE
MEDIUM 4.3 CVE-2026-10779

Classified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)

The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and...

techlabpro1 Classified Listing – AI-Powered Classified ads & Business Directory CVE
MEDIUM 4.3 CVE-2026-9013

Bogo <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via REST API

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_...

rocklobsterinc Bogo CVE
MEDIUM 6.5 CVE-2026-8118

Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 – 1.7.1059 – Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1...

wproyal Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 CVE
MEDIUM 4.9 CVE-2026-7547

Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and includin...

teamwsa Woosa – Marktplaats for WooCommerce CVE
MEDIUM 6.4 CVE-2026-4328

Advanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' Parameter

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to t...

addonspress Advanced Import CVE
MEDIUM 6.4 CVE-2026-1856

Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions ...

creavi Creavi Appointment Booking Calendar CVE
MEDIUM 5.3 CVE-2026-12644

CVE-2026-12644

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype me...

n/a ts-deepmerge CVE
MEDIUM 4.4 CVE-2026-12430

Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2....

creativethemeshq Blocksy Companion CVE
MEDIUM 6.4 CVE-2026-12157

BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...

wpdevteam BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot CVE