Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| CRITICAL 9.6 | CVE-2025-54010 | WordPress FluentSnippets plugin <= 10.50 - Cross Site Request Forgery (CSRF) Vulnerability | Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnipp... | Shahjahan Jewel | FluentSnippets | n/a | CVE |
| CRITICAL 9.8 | CVE-2025-52836 | WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability | Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affect... | Unity Business Technology Pty Ltd | The E-Commerce ERP | n/a | CVE |
| CRITICAL 9.3 | CVE-2025-52714 | WordPress Traveler < 3.2.2 - SQL Injection Vulnerability | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows SQL Injection. Thi... | shinetheme | Traveler | n/a | CVE |
| CRITICAL 9.1 | CVE-2025-48300 | WordPress Groundhogg <= 4.2.1 - Arbitrary File Upload Vulnerability | Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg allows Upload a Web Shell to a Web Server. This issue affe... | Adrian Tobey | Groundhogg | n/a | CVE |
| CRITICAL 9.8 | CVE-2025-30973 | WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability | Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a t... | Codexpert, Inc | CoSchool LMS | n/a | CVE |
| CRITICAL 9.8 | CVE-2025-30949 | WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability | Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegra... | Guru Team | Site Chat on Telegram | n/a | CVE |
| CRITICAL 9.3 | CVE-2025-30936 | WordPress Torod plugin <= 1.9 - SQL Injection Vulnerability | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Toro... | Torod Company for Information Technology | Torod | n/a | CVE |
| CRITICAL 10 | CVE-2025-29009 | WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability | Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web ... | Webkul | Medical Prescription Attachment Plugin for WooCommerce | n/a | CVE |
| CRITICAL 9.3 | CVE-2025-28982 | WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This... | ThimPress | WP Pipes | n/a | CVE |
| CRITICAL 9.8 | CVE-2025-28961 | WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability | Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: fro... | Md Yeasin Ul Haider | URL Shortener | n/a | CVE |