CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-12111	Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter_CVE-2026-12111 The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. Thi...	codepeople	Appointment Booking Calendar	Jun 18, 2026	CVE
LOW 2.7	CVE-2026-12102	UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter_CVE-2026-12102 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecur...	stiofansisland	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	Jun 18, 2026	CVE
MEDIUM 6.4	CVE-2026-12098	PowerPress Podcasting plugin by Blubrry <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'embed' Episode Meta Field_CVE-2026-12098 The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all...	blubrry	PowerPress Podcasting plugin by Blubrry	Jun 18, 2026	CVE
HIGH 7.2	CVE-2026-11395	CF7 to Webhook <= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host_CVE-2026-11395 The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pull_the_t...	mariovalney	CF7 to Webhook	Jun 18, 2026	CVE
HIGH 7.1	CVE-2026-8811	Path traversal in PDF generation module_CVE-2026-8811 SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to cr...	SEPPmail AG	Secure Email Gateway	Jun 18, 2026	CVE
MEDIUM 6.4	CVE-2026-8039	Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting_CVE-2026-8039 The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' ...	dijitul	Fancy Testimonials	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-50643	Out‑of‑Bounds Read in 8cc_CVE-2026-50643 8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU linemarkers. The compiler accepts attacker-controll...	rui314	8cc b480958	Jun 18, 2026	CVE
MEDIUM 6.4	CVE-2026-2021	Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute_CVE-2026-2021 The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versio...	contrid	Slideshow Gallery LITE	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2025-10560	Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources_CVE-2025-10560 Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries...	Silver Leaf Technologies, Inc.	Worksnaps.net Worksnaps Worksnaps before 1.6.20260201	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-8024	Deserialization vulnerability in ibaPDA and ibaDatCoordinator_CVE-2026-8024 A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access...	iba	ibaPDA 1.0.0	Jun 18, 2026	CVE