HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-56064	WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability_CVE-2026-56064 Subscriber SQL Injection in Tourfic	Themefic	Tourfic n/a	Jun 26, 2026	CVE
HIGH 8.3	CVE-2026-56063	WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability_CVE-2026-56063 Unauthenticated Broken Access Control in MailChimp Block	bPlugins	MailChimp Block n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-56061	WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability_CVE-2026-56061 Unauthenticated Broken Access Control in Subscriptions for WooCommerce	WP Swings	Subscriptions for WooCommerce n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-56060	WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability_CVE-2026-56060 Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce	tychesoftwares	Print Invoice & Delivery Notes for WooCommerce n/a	Jun 26, 2026	CVE
HIGH 8.8	CVE-2026-56055	WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability_CVE-2026-56055 Subscriber PHP Object Injection in RealHomes	InspiryThemes	RealHomes n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56047	WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-56047 Unauthenticated Cross Site Scripting (XSS) in perfmatters	Perfmatters, Powered Kinsta + GeneratePress Docs Changelog Feature requests Legal Affiliate Contact	perfmatters n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56045	WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56045 Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.	ValvePress	Automatic n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56044	WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56044 Unauthenticated Cross Site Scripting (XSS) in Blog2Social	Adenion	Blog2Social n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56043	WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56043 Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce	CusRev	Customer Reviews for WooCommerce n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56041	WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56041 Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox	dFactory	Responsive Lightbox n/a	Jun 26, 2026	CVE