CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-7795	Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter_CVE-2026-7795 The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all ver...	holithemes	Click to Chat – HoliThemes	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-7792	WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint_CVE-2026-7792 The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Ve...	smub	WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-7665	Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler_CVE-2026-7665 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versio...	wpdevteam	Essential Addons for Elementor – Popular Elementor Templates & Widgets	Jun 6, 2026	CVE
MEDIUM 6.6	CVE-2026-7566	LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload_CVE-2026-7566 The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via...	thimpress	LearnPress – Backup & Migration Tool	Jun 6, 2026	CVE
MEDIUM 4.9	CVE-2026-7565	LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter_CVE-2026-7565 The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, a...	thimpress	LearnPress – Backup & Migration Tool	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-7537	MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter_CVE-2026-7537 The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_se...	mdjm	MDJM Event Management	Jun 6, 2026	CVE
MEDIUM 4.4	CVE-2026-2500	Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter_CVE-2026-2500 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_d...	davidfcarr	Quick Playground	Jun 6, 2026	CVE
HIGH 7.8	3A0FB196-510A-	Exploit for Improper Initialization in Linux Linux_Kernel_3A0FB196-510A-59F0-AD4E-7E47BB4CD069 CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-0847 Dirty Pipe. Original source code from haxx.in/dirtypipe. Build bash make glibc stat...	N/A	N/A	Jun 6, 2026	GITHUBEXPLOIT
MEDIUM 4.3	CVE-2026-9719	LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action_CVE-2026-9719 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all version...	latepoint	LatePoint – Calendar Booking Plugin for Appointments and Events	Jun 5, 2026	CVE
HIGH 7.5	CVE-2026-9290	WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter_CVE-2026-9290 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inclu...	wpusermanager	WP User Manager – User Profile Builder & Membership	Jun 5, 2026	CVE