CVE-2025-69129 and CVE-2025-69131 affect WordPress & WooCommerce Scraper Plugin through 1.0.7. Remove it, replace the import workflow, and verify WooCommerce.
Update UpdraftPlus free to 1.26.5+ or Premium to 2.26.5+, then verify backups, remote management, admin users, and restore points safely.
Update Everest Forms to 3.4.8 or newer after CVE-2026-3296 and CVE-2026-5478, then review forms, uploads, users, and site files safely.
Patch WooCommerce Custom Product Addons Pro CVE-2026-4001, verify product options, review WooCommerce orders, and inspect the site after a critical plugin update.
Patch CVE-2026-48837 by updating Unlimited Elements for Elementor to 2.0.9 or newer. WordPress.org currently lists version 2.0.10.
Patch WebinarIgnition CVE-2026-40797 by updating to 4.09.86 or newer, reviewing webinar registrations and users, clearing cache, and verifying webinar flows.
Patch Forminator Forms CVE-2026-6214 by updating to 1.53.2 or newer, reviewing form exports and low-privilege users, and verifying form delivery.
Patch or disable high-risk WordPress plugins from the May 22 Patchstack disclosures: BookingPress Pro, Easy Elements, and WP ERP Pro.
Critical Easy Elements for Elementor CVE-2026-7284 patch guide: update to 1.4.5, remove if unavailable, review admins, and replace unsafe builder add-ons.
Update AI Engine to 3.5.0 or newer for CVE-2026-8719, then review MCP/OAuth connections, administrator users, content changes, and logs.
