WPEverest security patch release for CVE-2026-1492
Security Patch Release
Summary
Hide ▲
Show ▼
WPEverest released fixes for CVE-2026-1492 in the User Registration & Membership plugin, a critical update for sites running vulnerable versions. The patch matters because the flaw allows unauthenticated administrator-account creation on 60,000+ WordPress sites.
Related Happenings
Gravity SMTP security patch release for CVE-2026-4020
Security Patch Release
H score16
First: 20.06.2026 12:56
Last: 20.06.2026 12:56
Sources 1
About this happening:
**Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Gravity SMTP security patch release for CVE-2026-4020
Security Patch ReleaseAbout this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
The vendor security patch release for CVE-2026-8206
Security Patch Release
H score89
First: 03.06.2026 01:12
Last: 03.06.2026 01:12
Sources 1
About this happening:
**Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
The vendor security patch release for CVE-2026-8206
Security Patch ReleaseAbout this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
WP Maps Pro 6.1.1 security patch for CVE-2026-8732
Security Patch Release
H score49
First: 31.05.2026 17:06
Last: 31.05.2026 17:06
Sources 1
About this happening:
**WP Maps Pro 6.1.1** was released to fix **CVE-2026-8732**, giving WordPress administrators a patch for a flaw that enabled **unauthenticated administrator-account creation**. Th...
WP Maps Pro 6.1.1 security patch for CVE-2026-8732
Security Patch ReleaseAbout this happening: **WP Maps Pro 6.1.1** was released to fix **CVE-2026-8732**, giving WordPress administrators a patch for a flaw that enabled **unauthenticated administrator-account creation**. Th...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
H score42
First: 27.05.2026 13:06
Last: 27.05.2026 13:06
Sources 1
About this happening:
LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch ReleaseAbout this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
Latest development: 16.06.2026 13:47
CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.
Timeline
-
05.03.2026 20:44 2 articles · 4mo ago
WPEverest patches CVE-2026-1492 in User Registration & Membership
Mitigation Patch UpdateWPEverest’s User Registration & Membership plugin for WordPress is affected by CVE-2026-1492, a critical 9.8 vulnerability that lets an unauthenticated attacker create administrator accounts through user-supplied role handling during membership registration. The plugin is installed on more than 60,000 WordPress sites, Defiant says it blocked more than 200 exploit attempts in customer environments in the past 24 hours, and website admins are advised to update from affected versions through 5.1.2 to the fixed 5.1.3 release or the current 5.1.4 release, or temporarily disable or uninstall the plugin if patching is not possible.
Show sources
- WordPress membership plugin bug exploited to create admin accounts — www.bleepingcomputer.com — 05.03.2026 20:44
- WordPress membership plugin bug exploited to create admin accounts — www.bleepingcomputer.com — 05.03.2026 20:44