news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-39584	WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability_CVE-2026-39584 Subscriber Broken Access Control in RepairBuddy	Webful Creations	RepairBuddy n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-39583	WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability_CVE-2026-39583 Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery	Datalogics	Datalogics Ecommerce Delivery n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39579	WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability_CVE-2026-39579 Contributor Privilege Escalation in B Blocks	bPlugins	B Blocks n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39540	WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce	Amit Mittal	Shipment Tracker for Woocommerce n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39534	WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability_CVE-2026-39534 Unauthenticated Broken Access Control in WP Directory Kit	Wp Directory Kit	WP Directory Kit n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-39533	WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability_CVE-2026-39533 Unauthenticated Broken Access Control in AWP Classifieds	WPTasty	AWP Classifieds n/a	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-39532	WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability_CVE-2026-39532 Contributor PHP Object Injection in Events Calendar for GeoDirectory	Stiofan	Events Calendar for GeoDirectory 2.3.25	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39530	WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability_CVE-2026-39530 Unauthenticated SQL Injection in SpeakOut! Email Petitions	SpeakOut!	SpeakOut! Email Petitions n/a	Jun 15, 2026	CVE
MEDIUM 5.4	CVE-2026-39527	WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability_CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.	sc Internet Vivoo	WpStream n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-39525	WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability_CVE-2026-39525 Unauthenticated Broken Access Control in Booking Activities	Booking Activities Team	Booking Activities n/a	Jun 15, 2026	CVE