CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-54808	WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability_CVE-2026-54808 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows B...	WP Travel	WP Travel Gutenberg Blocks n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2026-49108	WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability_CVE-2026-49108 Unauthenticated PHP Object Injection in Moderno < 1.43 versions.	park_of_ideas	Moderno n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-60231	WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability_CVE-2025-60231 Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a...	EMV	The Hospital n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-69127	WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability_CVE-2025-69127 Unauthenticated PHP Object Injection in Plumbing	ThemeREX	Plumbing n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-69111	WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2025-69111 Unauthenticated PHP Object Injection in Reisen	ThemeREX	Reisen 1.4.1	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-60236	WordPress Creatify theme <= 1.5 - PHP Object Injection vulnerability_CVE-2025-60236 Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.	EMV	Creatify n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-60230	WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability_CVE-2025-60230 Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a ...	Themeton	The Barber Shop n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2025-60229	WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability_CVE-2025-60229 Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.	Themeton	Lagom n/a	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-59554	WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability_CVE-2025-59554 Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.	Advanced Ads GmbH	Advanced Ads – Tracking n/a	Jun 17, 2026	CVE
CRITICAL 9.8	A2E60F1B-241D-	Exploit for CVE-2026-49060_A2E60F1B-241D-5AF1-A5D1-F10E6E5B483C CVE-2026-49060 - Hippoo Mobile App for WooCommerce Incorrect Privilege Assignment / Privilege Escalation Executive Summary This repository contains...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT