Patch FunnelKit Funnel Builder to 3.15.0.3 or newer after active attacks placed malicious scripts on WooCommerce checkout pages.
Patch Burst Statistics CVE-2026-8181, a critical WordPress authentication bypass affecting versions 3.4.0 through 3.4.1.1.
Install the June 2026 Exchange Server updates for CVE-2026-42897, keep mitigations in place during rollout, and verify OWA, mail flow, logs, and backups.
Patch Apache Flink CVE-2026-35194 by upgrading to fixed Flink releases, restricting query submission, and reviewing recent cluster job activity.
Patch Form Notify CVE-2026-5229, Frontend Admin CVE-2026-6228, and Quick Playground CVE-2026-6403, then review WordPress users, files, logs, and connected credentials.
Patch MLflow CVE-2026-2652 by updating to 3.10.0 or newer, restricting exposed MLOps services, and reviewing recent experiment activity.
Patch Mentoring CVE-2025-13618 and MoreConvert Pro CVE-2026-5722, then review WordPress administrator, customer, and WooCommerce account activity.
Patch Avada Builder CVE-2026-8713 by updating Fusion Builder to 3.15.4 or later, then verify forms, WooCommerce records, users, backups, and caches.
Patch OttoKit and SureTriggers CVE-2026-4935 by updating to 1.1.23 or newer, then review WordPress users, data, automations, and logs.
Patch Everest Forms Pro CVE-2026-3300 by updating to 1.9.13 or newer, disabling exposed forms if needed, and reviewing WordPress files and logs.
