MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-12616	CVE-2026-12616_CVE-2026-12616 The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that str...	Eclipse Foundation	Eclipse CSI - PIA	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57341	WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57341 Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce	Colissimo	Colissimo Officiel : Méthodes de livraison pour WooCommerce n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57340	WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability_CVE-2026-57340 Unauthenticated Broken Access Control in Japanized For WooCommerce	shohei.tanaka	Japanized For WooCommerce n/a	Jun 29, 2026	CVE
MEDIUM 6.6	CVE-2026-57339	WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability_CVE-2026-57339 Unauthenticated Broken Access Control in Business Directory	Strategy11 Team	Business Directory n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57335	WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability_CVE-2026-57335 Subscriber Broken Access Control in Ads by WPQuads	Ads WPQuads	Ads by WPQuads n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57334	WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability_CVE-2026-57334 Unauthenticated Broken Access Control in WP User Frontend	weDevs	WP User Frontend n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57330	WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57330 Subscriber Cross Site Scripting (XSS) in MasterStudy LMS	Stylemix	MasterStudy LMS n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57329	WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57329 Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro	WOOCOMMERCE DESIGNER PRO	WooCommerce Designer Pro n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57328	WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57328 Subscriber Cross Site Scripting (XSS) in Business Directory	Strategy11 Team	Business Directory n/a	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57327	WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability_CVE-2026-57327 Subscriber Broken Access Control in MainWP	mainwp	MainWP n/a	Jun 29, 2026	CVE