CVE-2025-69129 and CVE-2025-69131 affect WordPress & WooCommerce Scraper Plugin through 1.0.7. Remove it, replace the import workflow, and verify WooCommerce.
JoomSport versions through 5.7.7 are affected by recent unauthenticated SQL injection CVEs. Update WordPress sites to 5.7.8 or newer.
CVE-2026-5718 affects Drag and Drop Multiple File Upload for Contact Form 7 through 1.3.9.6. Update WordPress sites to 1.3.9.7 or newer.
Gift Cards For WooCommerce Pro CVE-2026-45444 affects versions through 4.2.6. Disable or replace the plugin if no fixed release is available.
Patch WP-Optimize CVE-2026-7252 by updating to 4.5.3 or newer, reviewing content users, clearing caches, and checking site integrity.
Patch Really Simple Security CVE-2026-8293, a WordPress two-factor bypass fixed in 9.5.10.1. Update, review admins, and reset risky sessions.
Update AI Engine to 3.5.0 or newer for CVE-2026-8719, then review MCP/OAuth connections, administrator users, content changes, and logs.
Patch Drupal SAML SSO Service Provider CVE-2026-5343 by updating to 3.1.4 or newer and reviewing SSO logs, role mapping, and admin accounts.
Patch Drupal core CVE-2026-6365 by updating supported Drupal 10 and 11 branches, rebuilding caches, and verifying editor workflows.
Patch Drupal Date iCal CVE-2026-8495 by updating to 4.0.15 or newer, rebuilding caches, and reviewing private calendar feed exposure.
