CVE-2026-10795: Authentication bypass in UpdraftPlus impacts sites connected to UpdraftCentral
June 12, 2026, by Alex Mira
CVE-2026-10795 is a high-severity authentication bypass in UpdraftPlus fixed in 1.26.5, exploitable only on sites previously connected to UpdraftCentral.

CVE-2026-3300: Active exploits target Everest Forms Pro’s Complex Calculation feature
June 7, 2026, by Alex Mira
CVE-2026-3300 in Everest Forms Pro is under active exploitation. The bug enables unauthenticated remote code execution via the Complex Calculation feature. Update to 1.9.13, audit admin users for “diksimarina,” and review logs for the IPs cited by Wordfence.

CVE-2026-8206: Password reset flaw in Kirki plugin could enable account takeover
June 2, 2026, by Alex Mira
CVE-2026-8206 affects Kirki 6.0.0–6.0.6, allowing password reset emails to be sent to attacker-controlled addresses. Update from the WordPress directory now.

$2,751 Bounty Award: Avada WordPress Theme Vulnerability Patched
February 28, 2024, by Corentin C
Discover the details behind the recent $2,751 bounty awarded for patching an arbitrary file upload vulnerability in the Avada WordPress theme. Learn about the responsible disclosure process, the technical analysis, and recommendations for safeguarding your website.

$2,063 Bounty Awarded for Patched SQL Injection Vulnerability in Ultimate Member WordPress Plugin
February 27, 2024, by Corentin C
Recently, a critical security flaw was discovered in Ultimate Member, a widely used WordPress plugin, exposing over 200,000 websites to potential exploits. Learn how a $2,063 bounty was awarded for patching this SQL Injection vulnerability and how users can safeguard their sites against similar threats.