Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-57662	WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability_CVE-2026-57662 Contributor SQL Injection in Contest Gallery	Wasiliy Strecker	Contest Gallery n/a	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-57661	WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability_CVE-2026-57661 Subscriber Broken Access Control in WPComplete	Nexcess	WPComplete n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57660	WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability_CVE-2026-57660 Unauthenticated Broken Access Control in Booking and Rental Manager	magepeopleteam	Booking and Rental Manager n/a	Jun 26, 2026	CVE
HIGH 8.8	CVE-2026-57659	WordPress Paid Memberships Pro – Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57659 Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin	Stranger Studios	Paid Memberships Pro - Add Member From Admin 0.7.2	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2026-57658	WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability_CVE-2026-57658 Administrator Arbitrary File Upload in TemplateSpare	Templatespare	TemplateSpare n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57657	WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57657 Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP	Noor Alam	Gmail SMTP n/a	Jun 26, 2026	CVE
MEDIUM 5.9	CVE-2026-57656	WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57656 Author Cross Site Scripting (XSS) in Hester Core	peregrinethemes	Hester Core n/a	Jun 26, 2026	CVE
HIGH 8.2	CVE-2026-57655	WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57655 Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard	Jay Versluis	Child Theme Wizard n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57654	WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability_CVE-2026-57654 Affiliate Broken Access Control in Affiliates Manager	wp.insider	Affiliates Manager n/a	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57653	WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability_CVE-2026-57653 Contributor SQL Injection in WP Job Portal	wpjobportal	WP Job Portal n/a	Jun 26, 2026	CVE