Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-48870

WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor

King Addons King Addons for Elementor n/a CVE
HIGH 7.5 CVE-2026-48868

WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart

mra13 / Team Tips and Tricks HQ Simple Shopping Cart n/a CVE
HIGH 7.1 CVE-2026-48867

WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master

ExpressTech Quiz And Survey Master n/a CVE
HIGH 7.1 CVE-2026-48838

WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Post SMTP

WPExperts Post SMTP n/a CVE
CRITICAL 10 CVE-2026-48836

WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution (RCE) in Easy Invoice

MantraBrain Easy Invoice n/a CVE
HIGH 7.5 CVE-2026-48835

WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms

Awesomemotive Contact Form by WPForms n/a CVE
LOW 3.7 CVE-2026-48709

OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the ValidateArgumentType RPC endpoint in s...

OliveTin OliveTin < 3000.13.0 CVE
HIGH 7.5 CVE-2026-48708

OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared t...

OliveTin OliveTin < 3000.13.0 CVE
MEDIUM 4.3 CVE-2026-48518

MultiJuicer: Login CSRF allows attacker to force victims into their team

MultiJuicer is used to run separate Juice Shop instances on a central Kubernetes cluster without the need for local instances. In versions 8.0.0 th...

juice-shop multi-juicer >= 8.0.0, < 10.0.1 CVE
HIGH 8.5 CVE-2026-48124

Cursor Desktop sandbox escape via Claude hook configuration

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook c...

cursor cursor < 3.0.0 CVE