Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.1 | CVE-2026-40770 | WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability. Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates | RelyWP | Coupon Affiliates | n/a | CVE |
| HIGH 8.6 | CVE-2026-40769 | WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability. Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field | Satinder Singh | Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field | n/a | CVE |
| HIGH 7.5 | CVE-2026-40767 | WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability. Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. | Tomdever | wpForo Forum | n/a | CVE |
| HIGH 8.5 | CVE-2026-40766 | WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability. Subscriber SQL Injection in MasterStudy LMS | StylemixThemes | MasterStudy LMS | n/a | CVE |
| HIGH 7.5 | CVE-2026-40762 | WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability. Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. | WPGraphQL | WPGraphQL | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-40743 | WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability. Unauthenticated Broken Access Control in Tutor LMS | Themeum | Tutor LMS | n/a | CVE |
| HIGH 7.5 | CVE-2026-40741 | WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability. Unauthenticated Broken Access Control in Redsys for WooCommerce Light | Jose Conti | Redsys for WooCommerce Light | n/a | CVE |
| HIGH 7.1 | CVE-2026-40732 | WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability. Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram | rainafarai | Notification for Telegram | n/a | CVE |
| HIGH 7.7 | CVE-2026-40727 | WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability. Sales Representative Arbitrary File Deletion in Groundhogg | Groundhogg | Groundhogg | n/a | CVE |
| MEDIUM 6.4 | CVE-2026-39594 | WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability. Subscriber Broken Access Control in Ultra Addons for WPForms | Themefic | Ultra Addons for WPForms | n/a | CVE |