news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-40767	WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability_CVE-2026-40767 Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.	Tomdever	wpForo Forum n/a	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-40766	WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability_CVE-2026-40766 Subscriber SQL Injection in MasterStudy LMS	StylemixThemes	MasterStudy LMS n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40762	WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability_CVE-2026-40762 Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.	WPGraphQL	WPGraphQL n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-40743	WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability_CVE-2026-40743 Unauthenticated Broken Access Control in Tutor LMS	Themeum	Tutor LMS n/a	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-40741	WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability_CVE-2026-40741 Unauthenticated Broken Access Control in Redsys for WooCommerce Light	Jose Conti	Redsys for WooCommerce Light n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-40732	WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40732 Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram	rainafarai	Notification for Telegram n/a	Jun 15, 2026	CVE
HIGH 7.7	CVE-2026-40727	WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability_CVE-2026-40727 Sales Representative Arbitrary File Deletion in Groundhogg	Groundhogg	Groundhogg n/a	Jun 15, 2026	CVE
MEDIUM 6.4	CVE-2026-39594	WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability_CVE-2026-39594 Subscriber Broken Access Control in Ultra Addons for WPForms	Themefic	Ultra Addons for WPForms n/a	Jun 15, 2026	CVE
CRITICAL 9.9	CVE-2026-39591	WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability_CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory	CMSJunkie – WordPress Business Directory Plugins	WP-BusinessDirectory n/a	Jun 15, 2026	CVE
HIGH 8.1	CVE-2026-39587	WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability_CVE-2026-39587 Unauthenticated Privilege Escalation in WP BASE Booking	Hakan Ozevin	WP BASE Booking n/a	Jun 15, 2026	CVE