news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-10966	CVE-2026-10966_CVE-2026-10966 Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape vi...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-10955	CVE-2026-10955_CVE-2026-10955 Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory ac...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
MEDIUM 6.4	CVE-2026-9281	Master Addons For Elementor <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'jtlma_custom_js' Page Setting (Custom JS Extension)_CVE-2026-9281 The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cr...	litonice13	Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits	Jun 6, 2026	CVE
MEDIUM 4.3	CVE-2026-9008	Page-list <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode Attributes_CVE-2026-9008 The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_un...	webvitaly	Page-list	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-8901	Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data_CVE-2026-8901 The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site...	plugcrux	Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-8438	All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path_CVE-2026-8438 The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and incl...	davidanderson	All-In-One Security (AIOS) – Security and Firewall	Jun 6, 2026	CVE
MEDIUM 6.1	CVE-2026-9280	Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode_CVE-2026-9280 The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode i...	spacetime	Ad Inserter – Ad Manager & AdSense Ads	Jun 6, 2026	CVE
MEDIUM 4.9	CVE-2026-9197	Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export_CVE-2026-9197 The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImag...	nextendweb	Smart Slider 3	Jun 6, 2026	CVE
MEDIUM 4.4	CVE-2026-8991	Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings_CVE-2026-8991 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' ...	glenwpcoder	Drag and Drop Multiple File Upload for Contact Form 7	Jun 6, 2026	CVE
MEDIUM 4.9	CVE-2026-8978	OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter_CVE-2026-8978 The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' pa...	crafium	OptinCraft – Drag & Drop Optins & Popup Builder for WordPress	Jun 6, 2026	CVE