Patch Avada Builder CVE-2026-4782 and CVE-2026-4798 by updating Avada, Fusion Builder, and bundled plugins, then review users, files, and WooCommerce data.
Patch OttoKit and SureTriggers CVE-2026-4935 by updating to 1.1.23 or newer, then review WordPress users, data, automations, and logs.
Patch Everest Forms Pro CVE-2026-3300 by updating to 1.9.13 or newer, disabling exposed forms if needed, and reviewing WordPress files and logs.
Patch PrestaShop CVE-2026-44212 and Strapi critical CVEs affecting e-commerce stores, headless CMS APIs, uploads, and admin workflows.
Update Chrome 148.0.7778.167/168 after Google fixed 79 security issues, including multiple critical CVEs affecting desktop and managed fleets.
Patch Cisco Catalyst SD-WAN Controller and Manager CVE-2026-20182, preserve evidence, restrict management access, and verify the fabric safely.
Patch or mitigate Fragnesia CVE-2026-46300 on Linux hosting, Proxmox, container, CloudLinux, AlmaLinux, Debian, and Ubuntu servers.
Patch Exim CVE-2026-45185 by updating to Exim 4.99.3 or vendor-fixed packages, restarting mail service, verifying mail flow, and reviewing logs.
Updated May 30: add CVE-2026-9256 and verify fixed NGINX 1.30.2 or 1.31.1 packages on hosting servers, CDN origins, reverse proxies, and Kubernetes workloads.
Patch or disable critical WordPress plugin CVEs affecting Burst Statistics, Career Section, InfusedWoo Pro, Avada Builder, and activity logging plugins.
