Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-39554	WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability_CVE-2026-39554 Unauthenticated PHP Object Injection in Fidalgo	Elated-Themes	Fidalgo n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-39549	WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability_CVE-2026-39549 Unauthenticated Local File Inclusion in Aperitif	Elated-Themes	Aperitif n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-39548	WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39548 Unauthenticated Cross Site Scripting (XSS) in MagOne	Sneeit	MagOne n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-39547	WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability_CVE-2026-39547 Unauthenticated Local File Inclusion in Getaway < 1.8 versions.	Select-Themes	Getaway n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-39539	WordPress Alloggio – Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability_CVE-2026-39539 Unauthenticated PHP Object Injection in Alloggio - Hotel Booking	Edge-Themes	Alloggio - Hotel Booking n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-39529	WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability_CVE-2026-39529 Unauthenticated PHP Object Injection in Elementra	ThemeREX Group	Elementra n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-39522	WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability_CVE-2026-39522 Unauthenticated Local File Inclusion in Solene	Elated-Themes	Solene n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-39446	WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability_CVE-2026-39446 Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.	PressLayouts	Kapee n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-39443	WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability_CVE-2026-39443 Unauthenticated PHP Object Injection in EmallShop	PressLayouts	EmallShop n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-39438	WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438 Unauthenticated SQL Injection in ListingPro	Emraan Cheema	ListingPro n/a	Jun 16, 2026	CVE