exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.4	CVE-2026-57632	WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability_CVE-2026-57632 Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend	Omnisend	Email Marketing for WooCommerce by Omnisend n/a	Jun 26, 2026	CVE
HIGH 7.6	CVE-2026-57631	WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability_CVE-2026-57631 Administrator SQL Injection in Popup box	Ays Pro	Popup box n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57630	WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57630 Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro	Creative Themes	Blocksy Companion Pro n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57629	WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57629 Contributor Cross Site Scripting (XSS) in StatCounter	StatCounter	StatCounter n/a	Jun 26, 2026	CVE
HIGH 7.6	CVE-2026-57628	WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability_CVE-2026-57628 Administrator SQL Injection in WP All Import	WP All Import	WP All Import n/a	Jun 26, 2026	CVE
MEDIUM 4.9	CVE-2026-57627	WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-57627 Subscriber Server Side Request Forgery (SSRF) in Kirki	Themeum	Kirki n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57622	WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability_CVE-2026-57622 Subscriber Broken Access Control in WPCafe	Arraytics	WPCafe n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57618	WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57618 Contributor Cross Site Scripting (XSS) in Neve PRO	Themeisle	Neve PRO n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57617	WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57617 Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.	SeedProd LLC.	SeedProd Pro n/a	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-57527	ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()_CVE-2026-57527 Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a pro...	zaproxy	zap-extensions	Jun 26, 2026	CVE