MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-57633	WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability_CVE-2026-57633 Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare	WCBoost	WCBoost – Products Compare n/a	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-57632	WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability_CVE-2026-57632 Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend	Omnisend	Email Marketing for WooCommerce by Omnisend n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57630	WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57630 Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro	Creative Themes	Blocksy Companion Pro n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57629	WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57629 Contributor Cross Site Scripting (XSS) in StatCounter	StatCounter	StatCounter n/a	Jun 26, 2026	CVE
MEDIUM 4.9	CVE-2026-57627	WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-57627 Subscriber Server Side Request Forgery (SSRF) in Kirki	Themeum	Kirki n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57622	WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability_CVE-2026-57622 Subscriber Broken Access Control in WPCafe	Arraytics	WPCafe n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57618	WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57618 Contributor Cross Site Scripting (XSS) in Neve PRO	Themeisle	Neve PRO n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57617	WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57617 Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.	SeedProd LLC.	SeedProd Pro n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57431	WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57431 Author Cross Site Scripting (XSS) in Featured Image	Mervin Praison	Featured Image n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57430	WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability_CVE-2026-57430 Contributor Broken Access Control in SEOPress PRO	SEOPress Free	SEOPress PRO n/a	Jun 26, 2026	CVE