Posts on the topic: WordPress
27 June 2026
Security Advisory: Actively Exploited Flaw in the Gravity SMTP WordPress Plugin (CVE-2026-4020) — API Keys and Tokens Exposed to Anyone
An unprotected REST endpoint in the Gravity SMTP WordPress plugin exposes API keys and tokens (CVE-2026-4020). Fixed back in March in 2.1.5, mass-exploited in June.
Security
26 June 2026
Security Bulletin for 26 June 2026: Critical File Deletion in Avada Builder and Code Injection in RD Station, Plus a Status Follow-up on Two Open Flaws
Daily security overview: critical flaws in Avada Builder and RD Station, plus a status follow-up on two WordPress plugins that remain unpatched.
Security
25 June 2026
Security Bulletin for 25 June 2026: CRLF Injection in the Laravel Framework and a Critical Account Takeover in the Kirki WordPress Plugin
Daily security overview: a CRLF injection in the Laravel PHP framework and a critical, unauthenticated account takeover in the Kirki WordPress plugin.
Security
24 June 2026
Security Bulletin for 24 June 2026: Two Flaws in WP Activity Log and a SQL Injection in The Events Calendar
Daily security overview: two flaws in the WP Activity Log audit plugin and an unauthenticated SQL injection in The Events Calendar.
Security
23 June 2026
Security Bulletin for 23 June 2026: SQL Injection in Infility Global and Two Still-Unpatched WordPress Plugin Flaws
Daily security overview for WordPress and PHP: a SQL injection in Infility Global and two WordPress plugin flaws that are not yet patched.
Security
22 June 2026
Security Bulletin for 22 June 2026: Privilege Escalation in Vitepos, a Critical Flaw in PhpSpreadsheet, and Cross-Site Scripting in WooCommerce Auction Pro
Daily security overview for WordPress, e-commerce and PHP: privilege escalation in Vitepos, a flaw in PhpSpreadsheet, and XSS in WooCommerce Auction Pro.
Security
22 June 2026
Security advisory: critical UpdraftPlus flaw (CVE-2026-10795) — check and update WordPress now
Critical, actively exploited flaw in the WordPress backup plugin UpdraftPlus (CVE-2026-10795): versions up to 1.26.4 affected — update to 1.26.5 now.