CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2025-53580	WordPress Simple Business Directory Pro Plugin < 15.6.9 - Privilege Escalation Vulnerability_CVE-2025-53580 Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple B...	quantumcloud	Simple Business Directory Pro n/a	Aug 20, 2025	CVE
CRITICAL 9.8	CVE-2025-53299	WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability_CVE-2025-53299 Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer allows Object Injection. This issue affects Them...	ThemeMakers	ThemeMakers Visual Content Composer n/a	Aug 20, 2025	CVE
CRITICAL 9.9	CVE-2025-53213	WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability_CVE-2025-53213 Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Usi...	ELEXtensions	ReachShip WooCommerce Multi-Carrier & Conditional Shipping n/a	Aug 20, 2025	CVE
CRITICAL 9.8	CVE-2025-54014	WordPress MediCenter – Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability_CVE-2025-54014 Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects Medi...	QuanticaLabs	MediCenter - Health Medical Clinic n/a	Aug 20, 2025	CVE
CRITICAL 9.3	CVE-2025-54048	WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability_CVE-2025-54048 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injec...	miniOrange	Custom API for WP n/a	Aug 20, 2025	CVE
CRITICAL 9.9	CVE-2025-54049	WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability_CVE-2025-54049 Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: fro...	miniOrange	Custom API for WP n/a	Aug 20, 2025	CVE
CRITICAL 9.6	CVE-2025-49381	WordPress ads.txt Guru Connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability_CVE-2025-49381 Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt ...	ads.txt Guru	ads.txt Guru Connect n/a	Aug 20, 2025	CVE
CRITICAL 9.9	CVE-2025-48169	WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability_CVE-2025-48169 Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects ...	Jordy Meow	Code Engine n/a	Aug 20, 2025	CVE
CRITICAL 10	CVE-2025-48148	WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability_CVE-2025-48148 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This is...	StoreKeeper B.V.	StoreKeeper for WooCommerce n/a	Aug 20, 2025	CVE
CRITICAL 9.1	CVE-2025-54677	WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability_CVE-2025-54677 Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Mal...	vcita	Online Booking & Scheduling Calendar for WordPress by vcita n/a	Aug 20, 2025	CVE