HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2025-31425	WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability_CVE-2025-31425 Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels...	kamleshyadav	WP Lead Capturing Pages n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-31007	WordPress Billplz Addon for Contact Form 7 Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-31007 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allow...	Alvind	Billplz Addon for Contact Form 7 n/a	Aug 14, 2025	CVE
HIGH 8.5	CVE-2025-30998	WordPress WP Links Page <= 4.9.6 - SQL Injection Vulnerability_CVE-2025-30998 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injectio...	Rico Macchi	WP Links Page n/a	Aug 14, 2025	CVE
HIGH 7.5	CVE-2025-30639	WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability_CVE-2025-30639 Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue ...	ThemeAtelier	IDonatePro n/a	Aug 14, 2025	CVE
HIGH 8.1	CVE-2025-30635	WordPress IDonatePro <= 2.1.9 - Local File Inclusion Vulnerability_CVE-2025-30635 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro al...	ThemeAtelier	IDonatePro n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-30626	WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-30626 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon...	LambertGroup	Multimedia Playlist Slider Addon for WPBakery Page Builder n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-29014	WordPress FoodMenu <= 1.20 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-29014 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This is...	ZoomIt	FoodMenu n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-28999	WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-28999 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows R...	ZoomIt	WooCommerce Shop Page Builder n/a	Aug 14, 2025	CVE
HIGH 8.1	CVE-2025-28979	WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability_CVE-2025-28979 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows ...	ThimPress	WP Pipes n/a	Aug 14, 2025	CVE
HIGH 7.1	CVE-2025-28975	WordPress Alike – WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-28975 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Compar...	redqteam	Alike - WordPress Custom Post Comparison n/a	Aug 14, 2025	CVE