CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.9	CVE-2026-39591	WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability_CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory	CMSJunkie – WordPress Business Directory Plugins	WP-BusinessDirectory n/a	Jun 15, 2026	CVE
HIGH 8.1	CVE-2026-39587	WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability_CVE-2026-39587 Unauthenticated Privilege Escalation in WP BASE Booking	Hakan Ozevin	WP BASE Booking n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39584	WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability_CVE-2026-39584 Subscriber Broken Access Control in RepairBuddy	Webful Creations	RepairBuddy n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-39583	WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability_CVE-2026-39583 Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery	Datalogics	Datalogics Ecommerce Delivery n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39579	WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability_CVE-2026-39579 Contributor Privilege Escalation in B Blocks	bPlugins	B Blocks n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39540	WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce	Amit Mittal	Shipment Tracker for Woocommerce n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39534	WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability_CVE-2026-39534 Unauthenticated Broken Access Control in WP Directory Kit	Wp Directory Kit	WP Directory Kit n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39533	WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability_CVE-2026-39533 Unauthenticated Broken Access Control in AWP Classifieds	WPTasty	AWP Classifieds n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39532	WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability_CVE-2026-39532 Contributor PHP Object Injection in Events Calendar for GeoDirectory	Stiofan	Events Calendar for GeoDirectory 2.3.25	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39530	WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability_CVE-2026-39530 Unauthenticated SQL Injection in SpeakOut! Email Petitions	SpeakOut!	SpeakOut! Email Petitions n/a	Jun 15, 2026	CVE