MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-57318	WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability_CVE-2026-57318 Subscriber Sensitive Data Exposure in Site Reviews	Gemini Labs	Site Reviews n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57316	WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability_CVE-2026-57316 Subscriber Sensitive Data Exposure in GetGenie	Roxnor	GetGenie n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57313	WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57313 Subscriber Cross Site Scripting (XSS) in SureCart	SureCart	SureCart n/a	Jun 26, 2026	CVE
MEDIUM 5.8	CVE-2026-56066	WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability_CVE-2026-56066 Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images	ShortPixel	ShortPixel Adaptive Images n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-56048	WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-56048 Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce	tychesoftwares	Payment Gateway Based Fees and Discounts for WooCommerce n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-56046	WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56046 Subscriber Cross Site Scripting (XSS) in ListingPro	CridioStudio	ListingPro n/a	Jun 26, 2026	CVE
MEDIUM 6.4	CVE-2026-56026	WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-56026 Subscriber Server Side Request Forgery (SSRF) in utm.codes	Chris Carlevato	utm.codes n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-52701	WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability_CVE-2026-52701 Unauthenticated Broken Access Control in User Registration	Themegrill	User Registration n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-4339	SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339 Mattermost versions 10.11.x	Mattermost	Mattermost 10.11.0	Jun 26, 2026	CVE
MEDIUM 5.5	CVE-2026-45256	Missing permission check in thr_kill2(2)_CVE-2026-45256 When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not ...	FreeBSD	FreeBSD 15.0-RELEASE	Jun 26, 2026	CVE