Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.4	CVE-2026-57646	WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57646 Subscriber Insecure Direct Object References (IDOR) in Majestic Support	Majestic Support	Majestic Support n/a	Jun 26, 2026	CVE
HIGH 8.1	CVE-2026-57645	WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability_CVE-2026-57645 newsletters_subscribers Broken Access Control in Newsletters	Tribulant Software	Newsletters n/a	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57644	WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability_CVE-2026-57644 Contributor SQL Injection in Restaurant Menu by MotoPress	jetmonsters	Restaurant Menu by MotoPress n/a	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57643	WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability_CVE-2026-57643 Contributor SQL Injection in WP Post Author	AF themes	WP Post Author n/a	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57642	WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability_CVE-2026-57642 Contributor SQL Injection in Gallery	bestwebsoft	Gallery n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57641	WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57641 Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7	Contempoinc	Real Estate 7 n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57640	WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability_CVE-2026-57640 Subscriber Broken Access Control in MasterStudy LMS	Stylemix	MasterStudy LMS n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57638	WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57638 Contributor Cross Site Scripting (XSS) in Fluent Booking	WPManageNinja LLC	Fluent Booking n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57637	WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57637 Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce	tychesoftwares	Abandoned Cart Lite for WooCommerce n/a	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57636	WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability_CVE-2026-57636 Contributor SQL Injection in wpForo Forum	Tomdever	wpForo Forum n/a	Jun 26, 2026	CVE