Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-57636	WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability_CVE-2026-57636 Contributor SQL Injection in wpForo Forum	Tomdever	wpForo Forum n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57635	WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57635 Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce	FunnelKit	FunnelKit Payment Gateway for Stripe WooCommerce n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57634	WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57634 Contributor Insecure Direct Object References (IDOR) in PPWP	WP Folio Team	PPWP n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57633	WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability_CVE-2026-57633 Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare	WCBoost	WCBoost – Products Compare n/a	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-57632	WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability_CVE-2026-57632 Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend	Omnisend	Email Marketing for WooCommerce by Omnisend n/a	Jun 26, 2026	CVE
HIGH 7.6	CVE-2026-57631	WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability_CVE-2026-57631 Administrator SQL Injection in Popup box	Ays Pro	Popup box n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57630	WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57630 Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro	Creative Themes	Blocksy Companion Pro n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57629	WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57629 Contributor Cross Site Scripting (XSS) in StatCounter	StatCounter	StatCounter n/a	Jun 26, 2026	CVE
HIGH 7.6	CVE-2026-57628	WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability_CVE-2026-57628 Administrator SQL Injection in WP All Import	WP All Import	WP All Import n/a	Jun 26, 2026	CVE
MEDIUM 4.9	CVE-2026-57627	WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-57627 Subscriber Server Side Request Forgery (SSRF) in Kirki	Themeum	Kirki n/a	Jun 26, 2026	CVE