Advanced Custom Fields: Extended CVE-2026-8809 affects versions through 0.9.2.5. Update to 0.9.2.6 or newer, then review WordPress admin users and public user forms.
Kirki CVE-2026-8206 affects versions 6.0.0 through 6.0.6 and is reportedly under active attack. Update to 6.0.7 or newer, then review WordPress admin accounts.
WP Maps Pro CVE-2026-8732 is a critical unauthenticated admin account creation flaw. Update to 6.1.1+, review admin users, and verify site changes.
LiteSpeed Cache CVE-2026-3375 is patched in 7.8. Update the WordPress plugin, check CSS optimization settings, purge cache, and verify CDN origin exposure.
Patch User Verification CVE-2026-7458 to 2.0.47 or newer, review public login flows, check users, and secure WordPress accounts.
Patch User Registration Advanced Fields CVE-2026-4882 to 1.6.21 or newer, review public registration forms, and check uploads safely.
Patch User Registration CVE-2026-1492 to 5.1.3 or newer, review public registration and administrator users, and secure WordPress membership sites.
Patch User Frontend CVE-2026-5127 to 4.3.2 or newer, review public registration, check users and files, and protect WordPress membership sites.
Patch Slider Revolution CVE-2026-6692 by updating to 7.0.11 or newer, checking bundled theme copies, reviewing users, and verifying pages.
