Recent Advisories

Severity: CRITICAL 9
ID: CVE-2025-54693
Title: WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability_CVE-2025-54693
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects F...
Vendor: epiphyt
Product: Form Block
Date: n/a
Type: CVE

Severity: CRITICAL 9.8
ID: CVE-2025-54686
Title: WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability_CVE-2025-54686
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.
Vendor: scriptsbundle
Product: Exertio
Date: n/a
Type: CVE

Severity: CRITICAL 9.3
ID: CVE-2025-54678
Title: WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability_CVE-2025-54678
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind...
Vendor: hassantafreshi
Product: Easy Form Builder
Date: n/a
Type: CVE

Severity: CRITICAL 9.3
ID: CVE-2025-54669
Title: WordPress MapSVG Plugin < 8.7.4 - SQL Injection Vulnerability_CVE-2025-54669
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This i...
Vendor: RomanCode
Product: MapSVG
Date: n/a
Type: CVE

Severity: CRITICAL 9.3
ID: CVE-2025-52720
Title: WordPress Super Store Finder Plugin <= 7.5 - SQL Injection Vulnerability_CVE-2025-52720
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Inje...
Vendor: highwarden
Product: Super Store Finder
Date: n/a
Type: CVE

Severity: CRITICAL 9.9
ID: CVE-2025-49887
Title: WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability_CVE-2025-49887
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code In...
Vendor: WPFactory
Product: Product XML Feed Manager for WooCommerce
Date: n/a
Type: CVE

Severity: CRITICAL 9.3
ID: CVE-2025-49059
Title: WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability_CVE-2025-49059
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injec...
Vendor: CleverReach®
Product: CleverReach® WP
Date: n/a
Type: CVE

Severity: CRITICAL 9.8
ID: CVE-2025-48293
Title: WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability_CVE-2025-48293
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup all...
Vendor: Dylan Kuhn
Product: Geo Mashup
Date: n/a
Type: CVE

Severity: CRITICAL 10
ID: CVE-2025-25174
Title: WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability_CVE-2025-25174
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Exte...
Vendor: beeteam368
Product: BeeTeam368 Extensions
Date: n/a
Type: CVE

Severity: CRITICAL 9.9
ID: CVE-2025-24775
Title: WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability_CVE-2025-24775
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Form...
Vendor: Made I.T.
Product: Forms
Date: n/a
Type: CVE