tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-8176	LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset_CVE-2026-8176 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...	latepoint	LatePoint – Calendar Booking Plugin for Appointments and Events	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-5416	Command Injection via name parameter_CVE-2026-5416 Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vu...	TURCK	TBEN-LL-SE-M2 0.0.0	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-54198	WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant	David Lingren	Media LIbrary Assistant n/a	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-54197	WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability_CVE-2026-54197 Unauthenticated Sensitive Data Exposure in GetGenie	Wpmet	GetGenie n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-54191	WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods	Pods Framework	Pods n/a	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-54190	WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability_CVE-2026-54190 Unauthenticated Broken Access Control in Envira Photo Gallery	Awesomemotive	Envira Photo Gallery n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-52715	WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability_CVE-2026-52715 Unauthenticated SQL Injection in GEO my WordPress	Eyal Fitoussi	GEO my WordPress n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52714	WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability_CVE-2026-52714 Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO	SEO Squirrly	SEO Plugin by Squirrly SEO n/a	Jun 16, 2026	CVE
HIGH 7.6	CVE-2026-52712	WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability_CVE-2026-52712 Subscriber SQL Injection in Attendance Manager	tnomi	Attendance Manager n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52711	WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability_CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS	kilbot	WooCommerce POS n/a	Jun 16, 2026	CVE