Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-39558	WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability_CVE-2026-39558 Unauthenticated Local File Inclusion in Malmö	Elated-Themes	Malmö n/a	Jun 17, 2026	CVE
HIGH 7.6	CVE-2026-39546	WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability_CVE-2026-39546 Subscriber Privilege Escalation in MultiLoca	Techspawn	MultiLoca n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-39545	WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability_CVE-2026-39545 Unauthenticated PHP Object Injection in Zermatt	Select-Themes	Zermatt n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-39537	WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability_CVE-2026-39537 Unauthenticated Local File Inclusion in Mikado Core	Mikado-Themes	Mikado Core n/a	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-34888	WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability_CVE-2026-34888 Unauthenticated Sensitive Data Exposure in Bricksforge	Bricksforge	Bricksforge n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-27410	WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability_CVE-2026-27410 Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.	VeronaLabs	Slimstat Analytics n/a	Jun 17, 2026	CVE
HIGH 8.6	CVE-2026-27400	WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability_CVE-2026-27400 Unauthenticated Arbitrary File Deletion in BookPro	Ovatheme	BookPro n/a	Jun 17, 2026	CVE
CRITICAL 9.9	CVE-2026-27041	WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability_CVE-2026-27041 Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium)	Studio Keren Aga LTD.	Unlimited Elements for Elementor (Premium) n/a	Jun 17, 2026	CVE
CRITICAL 9.9	CVE-2026-25446	WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability_CVE-2026-25446 Subscriber Arbitrary File Upload in WishList Member X	WishList Products, LLC.	WishList Member X n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-25439	WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability_CVE-2026-25439 Unauthenticated Broken Authentication in Booknetic	fs-code	Booknetic n/a	Jun 17, 2026	CVE