Security 17 July 2026
Security Bulletin — July 17, 2026: Two Critical Unauthenticated Takeover Flaws in Bricksforge and AI Copilot — Plus Privilege Escalation and Shop Payment Fraud
Unauthenticated admin takeover in Bricksforge (CVSS 9.8) and in the AI Copilot plugin (CVSS 9.8), privilege escalation in User Registration & Membership, and a forged payment callback in the PhonePe gateway.
- Bulletin
- WordPress
- WooCommerce
Read more →