Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-56033

WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Dokan Pro

Dokan Multivendor Plugin Dokan Pro n/a CVE
CRITICAL 9.8 CVE-2026-56032

WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Buddyboss Platform

BuddyBoss Buddyboss Platform n/a CVE
CRITICAL 9.8 CVE-2026-56030

WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Paytium

paytiumsupport Paytium n/a CVE
CRITICAL 9.8 CVE-2026-56028

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates

themewant Easy Elements for Elementor – Addons & Website Templates n/a CVE
CRITICAL 9.9 CVE-2026-56027

WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Customer Arbitrary File Upload in Booster for WooCommerce

Pluggabl Booster for WooCommerce n/a CVE
CRITICAL 9.3 CVE-2026-54831

WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory

Paolo GeoDirectory n/a CVE
CRITICAL 9.3 CVE-2026-54827

WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7

contempoinc Real Estate 7 3.5.9 CVE
CRITICAL 9.3 CVE-2026-54825

WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables

wpDataTables wpDataTables n/a CVE
CRITICAL 9.3 CVE-2026-54820

WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking

Crocoblock. Jetimpex Inc. JetBooking n/a CVE
CRITICAL 9 CVE-2026-54636

Dokku: OS Command Injection via app.json managed Cron

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku ...

dokku dokku < 0.38.7 CVE