Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| HIGH 7.2 | CVE-2025-49438 | WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability_CVE-2025-49438 | Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from ... | Max Chirkov | Simple Login Log | n/a | CVE |
| HIGH 7.5 | CVE-2025-54017 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability_CVE-2025-54017 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Sub... | Cozmoslabs | Paid Member Subscriptions | n/a | CVE |
| HIGH 7.5 | CVE-2025-54028 | WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability_CVE-2025-54028 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF... | Saleswonder Team Tobias | CF7 WOW Styler | n/a | CVE |
| HIGH 8.1 | CVE-2025-54031 | WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability_CVE-2025-54031 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board all... | Schiocco | Support Board | n/a | CVE |
| HIGH 7.5 | CVE-2025-54021 | WordPress Simple File List <= 6.1.14 - Arbitrary File Download Vulnerability_CVE-2025-54021 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traver... | Mitchell Bennis | Simple File List | n/a | CVE |
| HIGH 7.1 | CVE-2025-54032 | WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-54032 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows... | WebCodingPlace | Real Estate Manager Pro | n/a | CVE |
| HIGH 8.8 | CVE-2025-49399 | WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability_CVE-2025-49399 | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a throug... | Basix | NEX-Forms | n/a | CVE |
| HIGH 7.1 | CVE-2025-54027 | WordPress Support Board <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-54027 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board allows Reflected XSS. ... | Schiocco | Support Board | n/a | CVE |
| HIGH 8.8 | CVE-2025-49382 | WordPress JobZilla – Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability_CVE-2025-49382 | Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation. This issue affects ... | DexignZone | JobZilla - Job Board WordPress Theme | n/a | CVE |
| HIGH 7.5 | CVE-2025-48302 | WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability_CVE-2025-48302 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows P... | Roxnor | FundEngine | n/a | CVE |