Recent Advisories

| Severity | ID | Title | Summary | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| HIGH 8.5 | CVE-2026-57315 | WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability | Contributor Remote Code Execution (RCE) in Blocksy Companion Pro | Creative Themes | Blocksy Companion Pro | n/a | CVE |
| HIGH 7.1 | CVE-2026-57314 | WordPress SureCart plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | Unauthenticated Cross Site Scripting (XSS) in SureCart | SureCart | SureCart | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57313 | WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability | Subscriber Cross Site Scripting (XSS) in SureCart | SureCart | SureCart | n/a | CVE |
| HIGH 7.1 | CVE-2026-57312 | WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability | Unauthenticated Cross Site Scripting (XSS) in Everest Forms | wpeverest | Everest Forms | n/a | CVE |
| HIGH 8.7 | CVE-2026-56773 | Teable – Missing Authorization in v2 REST API | Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Atta... | teableio | teable | | CVE |
| HIGH 7.1 | CVE-2026-56072 | WordPress WoodMart theme <= 8.5.3 - Cross Site Scripting (XSS) vulnerability | Unauthenticated Cross Site Scripting (XSS) in WoodMart | Xtemos | WoodMart | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-56070 | WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability | Unauthenticated SQL Injection in Advance Product Search | ThemeHunk | Advance Product Search | n/a | CVE |
| HIGH 7.5 | CVE-2026-56069 | WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability | Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms | Site Building with Toolset | Toolset Forms | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-56068 | WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability | Unauthenticated SQL Injection in JetEngine | Crocoblock. Jetimpex Inc. | JetEngine | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-56067 | WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability | Unauthenticated SQL Injection in JetSmartFilters | Crocoblock. Jetimpex Inc. | JetSmartFilters | n/a | CVE |