CVE-2026-48874
CVE-2026-48874 is a HIGH severity vulnerability (CVSS Score: 8.5) affecting GamiPress plugin versions up to 7.8.7. The vulnerability allows for Subscriber SQL Injection and has been publicly disclosed on June 15, 2026.
These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-48874 is a HIGH severity vulnerability (CVSS Score: 8.5) affecting GamiPress plugin versions up to 7.8.7. The vulnerability allows for Subscriber SQL Injection and has been publicly disclosed on June 15, 2026.
CVE-2026-42775 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in AutomatorWP plugin versions <= 5.7.2. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42775).
CVE-2026-42650 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in AutomatorWP plugin versions up to 5.6.7. The vulnerability has a CVSS score of 7.2 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42650).
CVE-2026-40785 is a HIGH-severity vulnerability in AutomatorWP, a WordPress plugin. The vulnerability, rated 7.1 on the CVSS scale, involves Subscriber Broken Authentication and affects versions up to 5.6.7. It was published on June 15, 2026, and last modified on the same day.
A Missing Authorization vulnerability (CWE-862) in the GamiPress WordPress plugin allows exploitation of incorrectly configured access control security levels. The vulnerability affects GamiPress versions from n/a through 7.6.3. The issue was published on 2026-05-25 and modified on 2026-05-26. No known exploitation in the wild or ransomware campaign use has been reported. The vendor attribution is current [truncated]