CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-48970	WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability_CVE-2026-48970 Unauthenticated Broken Authentication in Really Simple SSL	Really Simple Plugins	Really Simple SSL n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-48966	WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48966 Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit	FunnelKit	Funnel Builder by FunnelKit n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48965	WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability_CVE-2026-48965 Subscriber Sensitive Data Exposure in XCloner	watchful	XCloner n/a	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-48964	WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability_CVE-2026-48964 Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System	ELEXtensions	ELEX WordPress HelpDesk & Customer Ticketing System n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-48889	WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability_CVE-2026-48889 Subscriber Privilege Escalation in Amelia	TMS	Amelia n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48887	WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability_CVE-2026-48887 Unauthenticated Broken Access Control in JS Help Desk	Ahmad	JS Help Desk n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-48886	WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability_CVE-2026-48886 Unauthenticated SQL Injection in JS Help Desk	Ahmad	JS Help Desk n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-48885	WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48885 Unauthenticated Cross Site Scripting (XSS) in HollerBox	Groundhogg	HollerBox n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-48883	WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability_CVE-2026-48883 Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce	WPClever	WPC Product Bundles for WooCommerce n/a	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-48882	WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability_CVE-2026-48882 Subscriber SQL Injection in WP Time Slots Booking Form	codepeople	WP Time Slots Booking Form n/a	Jun 15, 2026	CVE