Find notable cyber news and cases, enriched with sources, timelines, and signals.

WPEverest security patch release for CVE-2026-1492

Security Patch Release
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

WPEverest released fixes for CVE-2026-1492 in the User Registration & Membership plugin, a critical update for sites running vulnerable versions. The patch matters because the flaw allows unauthenticated administrator-account creation on 60,000+ WordPress sites.

Related Happenings

Gravity SMTP security patch release for CVE-2026-4020

Security Patch Release
H score16 First: 20.06.2026 12:56 Last: 20.06.2026 12:56 Sources 1

About this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...

Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release
H score43 First: 06.06.2026 17:09 Last: 06.06.2026 17:09 Sources 1

About this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...

The vendor security patch release for CVE-2026-8206

Security Patch Release
H score89 First: 03.06.2026 01:12 Last: 03.06.2026 01:12 Sources 1

About this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...

WP Maps Pro 6.1.1 security patch for CVE-2026-8732

Security Patch Release
H score49 First: 31.05.2026 17:06 Last: 31.05.2026 17:06 Sources 1

About this happening: **WP Maps Pro 6.1.1** was released to fix **CVE-2026-8732**, giving WordPress administrators a patch for a flaw that enabled **unauthenticated administrator-account creation**. Th...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score42 First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

Timeline

  1. 05.03.2026 20:44 2 articles · 4mo ago

    WPEverest patches CVE-2026-1492 in User Registration & Membership

    Mitigation Patch Update

    WPEverest’s User Registration & Membership plugin for WordPress is affected by CVE-2026-1492, a critical 9.8 vulnerability that lets an unauthenticated attacker create administrator accounts through user-supplied role handling during membership registration. The plugin is installed on more than 60,000 WordPress sites, Defiant says it blocked more than 200 exploit attempts in customer environments in the past 24 hours, and website admins are advised to update from affected versions through 5.1.2 to the fixed 5.1.3 release or the current 5.1.4 release, or temporarily disable or uninstall the plugin if patching is not possible.

    Show sources