CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2026-52712	WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability_CVE-2026-52712 Subscriber SQL Injection in Attendance Manager	tnomi	Attendance Manager n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52711	WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability_CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS	kilbot	WooCommerce POS n/a	Jun 16, 2026	CVE
CRITICAL 9.9	CVE-2026-49774	WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability_CVE-2026-49774 Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects...	Filipe Nasc	RD Station n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-49772	WordPress The Events Calendar plugin 6.15.12-6.16.2 – SQL Injection vulnerability_CVE-2026-49772 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar al...	Liquid Web / StellarWP	The Events Calendar 6.15.12	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-40809	WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability_CVE-2026-40809 Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This is...	Rara Themes	Metro Magazine n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-39581	WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability_CVE-2026-39581 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic	activity-log.com	WP Sessions Time Monitoring Full Automatic n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-39574	WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability_CVE-2026-39574 Unauthenticated SQL Injection in InPost Gallery	RealMag777	InPost Gallery n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-39490	WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability_CVE-2026-39490 Unauthenticated Broken Access Control in JupiterX Core	artbees	JupiterX Core n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-39437	WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce	WPFactory	Min Max Step Quantity Limits Manager for WooCommerce n/a	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-2381	WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter_CVE-2026-2381 The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on...	woocommerce	WooCommerce Stripe Payment Gateway	Jun 16, 2026	CVE