CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-12416	Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter_CVE-2026-12416 The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This i...	pravel	Invoice Generator	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12100	URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter_CVE-2026-12100 The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter...	abhisheksaha11	URL Preview	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-12095	Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter_CVE-2026-12095 The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' param...	bytuncay	Kargo Takip	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-12094	Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094 The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on t...	iamranit	Advanced Contact Form 7 – Compact DB	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-11997	Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997 The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or ...	seo_tools	Bulk SEO Image	Jun 24, 2026	CVE
MEDIUM 6.4	CVE-2026-11370	WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370 The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' p...	joomunited	WP Meta SEO	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-10552	Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552 The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or ...	jotis	Blue Captcha	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10092	Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all...	nicashmu	Cincopa video and media plug-in	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10091	Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting_CVE-2026-10091 The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up ...	cgarvey	Email JavaScript Cloak	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-7761	Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure_CVE-2026-7761 The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2...	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Jun 24, 2026	CVE