Security Alert: WordPress Security Update - July 2026
Wordpress has released security updates affecting multiple WordPress plugins and themes. Exploitation of these vulnerabilities could allow attackers to compromise system security, escalate privileges, bypass authentication, and disrupt services.
Affected Systems:
The affected systems and versions include, but are not limited to:
Plugins:
• WCFM WooCommerce Multivendor Membership plugin: Versions 2.11.10 and below
• LatePoint Calendar Booking plugin: Versions 5.6.3 and below
• Essential Addons for Elementor plugin: Versions 6.6.4 and below
Themes:
• Zakra theme: Versions 4.2.0 and below
• Edumall theme: Versions 4.5.1 and below
Security Risks
Exploitation of vulnerabilities in WordPress themes and plugins may allow unauthenticated attackers to inject malicious code, escalate privileges, bypass authentication, and disrupt critical website functions. This can result in data exposure, operational downtime, and loss of service integrity.
Recommended Actions
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
1. Update, as soon as possible, to the latest supported versions of all affected WordPress plugins to resolve known vulnerabilities and minimize the risk of exploitation.
The WordPress plugin versions available for upgrade include, but are not limited to: