CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-48836	WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability_CVE-2026-48836 Unauthenticated Remote Code Execution (RCE) in Easy Invoice	MantraBrain	Easy Invoice n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-45439	WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability_CVE-2026-45439 Unauthenticated SQL Injection in Realtyna Organic IDX plugin	Realtyna	Realtyna Organic IDX plugin n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-42665	WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability_CVE-2026-42665 Unauthenticated SQL Injection in WP Data Access	Passionate Programmer Peter	WP Data Access n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-42639	WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability_CVE-2026-42639 Unauthenticated SQL Injection in GD Rating System	Dev4Press	GD Rating System n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-42386	WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability_CVE-2026-42386 Unauthenticated SQL Injection in Order Delivery Date for WooCommerce	tychesoftwares	Order Delivery Date for WooCommerce n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-42381	WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability_CVE-2026-42381 Unauthenticated SQL Injection in Funnel Builder by FunnelKit	FunnelKit	Funnel Builder by FunnelKit n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-40798	WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability_CVE-2026-40798 Unauthenticated SQL Injection in wpForo Forum	Tomdever	wpForo Forum n/a	Jun 15, 2026	CVE
CRITICAL 10	CVE-2026-40772	WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability_CVE-2026-40772 Unauthenticated Arbitrary File Upload in GeekyBot	Ahmad	GeekyBot n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-40771	WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability_CVE-2026-40771 Unauthenticated SQL Injection in Contest Gallery	Wasiliy Strecker	Contest Gallery n/a	Jun 15, 2026	CVE
CRITICAL 9.9	CVE-2026-39591	WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability_CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory	CMSJunkie – WordPress Business Directory Plugins	WP-BusinessDirectory n/a	Jun 15, 2026	CVE