CVE-2025-69129 and CVE-2025-69131 affect WordPress & WooCommerce Scraper Plugin through 1.0.7. Remove it, replace the import workflow, and verify WooCommerce.
Wordfence reports a ShapedPlugin Pro plugin supply-chain compromise through official licensed update channels. Inventory affected Pro plugins, remove unverified builds, scan the site, and rotate credentials where exposure is possible.
Update UpdraftPlus free to 1.26.5+ or Premium to 2.26.5+, then verify backups, remote management, admin users, and restore points safely.
JoomSport versions through 5.7.7 are affected by recent unauthenticated SQL injection CVEs. Update WordPress sites to 5.7.8 or newer.
CVE-2026-5718 affects Drag and Drop Multiple File Upload for Contact Form 7 through 1.3.9.6. Update WordPress sites to 1.3.9.7 or newer.
Patch WP-Optimize CVE-2026-7252 by updating to 4.5.3 or newer, reviewing content users, clearing caches, and checking site integrity.
Critical Easy Elements for Elementor CVE-2026-7284 patch guide: update to 1.4.5, remove if unavailable, review admins, and replace unsafe builder add-ons.
Patch Gravity SMTP CVE-2026-4020 and CVE-2026-4162, rotate WordPress mail-service credentials, and review sending logs after active attack reports.
Patch Burst Statistics CVE-2026-8181, a critical WordPress authentication bypass affecting versions 3.4.0 through 3.4.1.1.
Patch Slider Revolution CVE-2026-6692 by updating to 7.0.11 or newer, checking bundled theme copies, reviewing users, and verifying pages.
