Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| HIGH 7.5 | CVE-2025-52728 | WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability_CVE-2025-52728 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive ... | WebCodingPlace | Responsive Posts Carousel WordPress Plugin | n/a | CVE |
| HIGH 7.5 | CVE-2025-52716 | WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability_CVE-2025-52716 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows... | Acato | WP REST Cache | n/a | CVE |
| HIGH 8.8 | CVE-2025-49869 | WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability_CVE-2025-49869 | Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection. This issue affects Eventin: from n/a through 4.0.31. | Arraytics | Eventin | n/a | CVE |
| HIGH 7.5 | CVE-2025-49271 | WordPress GravityWP – Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability_CVE-2025-49271 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merg... | GravityWP | GravityWP - Merge Tags | n/a | CVE |
| HIGH 8.5 | CVE-2025-49267 | WordPress Frontend Admin by DynamiApps <= 3.28.3 - SQL Injection Vulnerability_CVE-2025-49267 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps al... | Shabti Kaplan | Frontend Admin by DynamiApps | n/a | CVE |
| HIGH 7.5 | CVE-2025-49264 | WordPress Cloud SAML SSO – Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability_CVE-2025-49264 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Servi... | Cloud Infrastructure Services | Cloud SAML SSO - Single Sign On Login | n/a | CVE |
| HIGH 7.1 | CVE-2025-49065 | WordPress Visit Counter Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-49065 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored X... | BestiaDurmiente | Visit Counter | n/a | CVE |
| HIGH 7.1 | CVE-2025-49064 | WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-49064 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected... | Webilop | User Language Switch | n/a | CVE |
| HIGH 7.1 | CVE-2025-49063 | WordPress BaiduXZH Submit(百度熊掌号) plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-49063 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Ref... | i3geek | BaiduXZH Submit(百度熊掌号) | n/a | CVE |
| HIGH 7.1 | CVE-2025-49062 | WordPress WP-jScrollPane plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-49062 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS.... | cornfeed | WP-jScrollPane | n/a | CVE |