News Security ShapedPlugin supply-chain compromise: backdoored Pro updates via official channels (CVE-2026-10735) June 22, 2026 / June 22, 2026 by Alex Mira | Leave a Comment Wordfence and BleepingComputer report a ShapedPlugin supply‑chain compromise that backdoored Pro updates via official channels (CVE-2026-10735). Free repo builds were reported clean. Read more » 2FA CVE-2026-10735 incident response ShapedPlugin Supply chain attack WooCommerce WordPress security
News Security Active exploits hit Gravity SMTP (CVE-2026-4020); Avada Builder critical bug patched (CVE-2026-8713) June 22, 2026 / June 22, 2026 by Alex Mira | Leave a Comment Active exploitation hits Gravity SMTP (CVE-2026-4020) while Avada Builder’s critical file deletion bug (CVE-2026-8713) is patched. Update now, check logs for the Gravity SMTP REST endpoint, and consult Wordfence’s indicators for targeted IPs. Read more » Avada Builder CVE-2026-4020 CVE-2026-8713 Gravity SMTP incident response Plugin vulnerability WordPress security
