Recent Advisories

Severity ID Title Vendor Product Date Type

MEDIUM 4.4 CVE-2026-2500

Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter_CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_d...

davidfcarr Quick Playground CVE

HIGH 7.8 3A0FB196-510A-

Exploit for Improper Initialization in Linux Linux_Kernel_3A0FB196-510A-59F0-AD4E-7E47BB4CD069

CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-0847 Dirty Pipe. Original source code from haxx.in/dirtypipe. Build bash make glibc stat...

N/A N/A GITHUBEXPLOIT

MEDIUM 4.3 CVE-2026-9719

LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action_CVE-2026-9719

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all version...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE

HIGH 7.5 CVE-2026-9290

WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter_CVE-2026-9290

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inclu...

wpusermanager WP User Manager – User Profile Builder & Membership CVE

MEDIUM 4.3 CVE-2026-8976

RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions_CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorizatio...

themeisle RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator CVE

MEDIUM 6.4 CVE-2026-8900

Simple SEO Slideshow <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8900

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and incl...

spyrosvl Simple SEO Slideshow CVE

MEDIUM 6.4 CVE-2026-8893

Express Payment For Stripe <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-8893

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] s...

payaddons Express Payment For Stripe CVE

MEDIUM 5.3 CVE-2026-8608

Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action_CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity...

awordpresslife Event Monster – Event Manager, Ticket Booking & Registration CVE

MEDIUM 4.3 CVE-2026-7047

Frontend User Notes <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification via 'confirmEdit' Action_CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due t...

absikandar Frontend User Notes CVE

MEDIUM 4.9 CVE-2026-6448

Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters_CVE-2026-6448

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' ...

expresstech Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker CVE