CVE-2026-12598: CWE-287 Improper Authentication in LoginPress LoginPress Pro
LoginPress Pro plugin for WordPress versions up to and including 6.2.3 is vulnerable to an authentication bypass via its Spotify Social Login addon. The vulnerability arises because the plugin trusts…
Read the full articleYou might also wanna read
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo
Critical Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabli

CVE-2026-11462: Improper Authorization Vulnerability in BeikeShop Stripe Plugin (Up to v1.6.0.22)
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file p

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor
Critical Authentication Bypass Vulnerability Discovered in cPanel & WHM (CVE-2026-41940)
Hello! Yes, it's all a disaster again! Let's get this party started: 0:00 /0:12 1× No comments today, so imagine this: * We wrote something
watchTowr Labs·2mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.