exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.4	CVE-2026-54833	WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability_CVE-2026-54833 Unauthenticated Backdoor in Enable CORS	Dev Kabir	Enable CORS n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-54832	WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability_CVE-2026-54832 Unauthenticated Broken Access Control in Gutenverse Companion	Jegstudio	Gutenverse Companion n/a	Jun 26, 2026	CVE
CRITICAL 9.3	CVE-2026-54831	WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability_CVE-2026-54831 Unauthenticated SQL Injection in GeoDirectory	Paolo	GeoDirectory n/a	Jun 26, 2026	CVE
CRITICAL 9.3	CVE-2026-54827	WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability_CVE-2026-54827 Unauthenticated SQL Injection in Real Estate 7	contempoinc	Real Estate 7 3.5.9	Jun 26, 2026	CVE
HIGH 7.6	CVE-2026-54826	WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-54826 Subscriber Insecure Direct Object References (IDOR) in SupportCandy	PSM Plugins	SupportCandy n/a	Jun 26, 2026	CVE
CRITICAL 9.3	CVE-2026-54825	WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability_CVE-2026-54825 Unauthenticated SQL Injection in wpDataTables	wpDataTables	wpDataTables n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-54824	WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability_CVE-2026-54824 Unauthenticated Sensitive Data Exposure in Ads by WPQuads	Ads WPQuads	Ads by WPQuads n/a	Jun 26, 2026	CVE
CRITICAL 9.3	CVE-2026-54820	WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability_CVE-2026-54820 Unauthenticated SQL Injection in JetBooking	Crocoblock. Jetimpex Inc.	JetBooking n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-52701	WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability_CVE-2026-52701 Unauthenticated Broken Access Control in User Registration	Themegrill	User Registration n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-4339	SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339 Mattermost versions 10.11.x	Mattermost	Mattermost 10.11.0	Jun 26, 2026	CVE