exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	73764E05-FE56-	xss-vulnerability-scanner_73764E05-FE56-54D5-88DB-FC538242C5EB Application Security: Automated Reflected XSS Web Fuzzer 📝 Description This application security testing utility evaluates web forms against Refle...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
CRITICAL 10	7F7749F6-023B-	Exploit for Authentication Bypass Using an Alternate Path or Channel in Traefik_7F7749F6-023B-5070-9A69-60448F7E541E CVE-2026-48020 — Traefik StripPrefix Route-Level Auth Bypass PoC A self-contained proof of concept for CVE-2026-48020, a route-level authentication...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
MEDIUM 6.1	CVE-2026-13245	MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter_CVE-2026-13245 The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to...	maxfoundry	MaxButtons – Create buttons	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-12404	NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including...	webaways	NEX-Forms – Ultimate Forms Plugin for WordPress	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-9242	RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication ...	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-9233	Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...	expresstech	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker	Jun 27, 2026	CVE
MEDIUM 6.5	CVE-2026-3462	Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462 The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'p...	reepaydenmark	Frisbii Pay	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-13295	Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, a...	gpriday	Page Builder by SiteOrigin	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-12471	Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all version...	templatescoderthemes	Spexo	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-12432	Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter_CVE-2026-12432 The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_fai...	themeisle	Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions	Jun 27, 2026	CVE