Posts on the topic: CVE
Security
27 June 2026
Security Advisory: Actively Exploited Flaw in the Gravity SMTP WordPress Plugin (CVE-2026-4020) — API Keys and Tokens Exposed to Anyone
An unprotected REST endpoint in the Gravity SMTP WordPress plugin exposes API keys and tokens (CVE-2026-4020). Fixed back in March in 2.1.5, mass-exploited in June.
Security
23 June 2026
Security Advisory: Two Vulnerabilities in the Guzzle PHP HTTP Client (CVE-2026-55568 and CVE-2026-55767) — Relevant Because of Its Spread Across PHP Libraries
Two vulnerabilities in the widely used Guzzle PHP HTTP client: unencrypted proxy traffic and a CookieJar flaw. Both are fixed in version 7.12.1.
Security
22 June 2026
Security advisory: critical UpdraftPlus flaw (CVE-2026-10795) — check and update WordPress now
Critical, actively exploited flaw in the WordPress backup plugin UpdraftPlus (CVE-2026-10795): versions up to 1.26.4 affected — update to 1.26.5 now.