Report Incident
× Home DPO CyberHub Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Security Alert: WordPress Security Update - July 2026

Wordpress has released security updates affecting multiple WordPress plugins and themes. Exploitation of these vulnerabilities could allow attackers to compromise system security, escalate privileges, bypass authentication, and disrupt services.
 
Affected Systems:
 
The affected systems and versions include, but are not limited to:
 
Plugins: 
 
• WCFM WooCommerce Multivendor Membership plugin: Versions 2.11.10 and below
• LatePoint Calendar Booking plugin: Versions 5.6.3 and below
• Essential Addons for Elementor plugin: Versions 6.6.4 and below
 
Themes:
 
• Zakra theme: Versions 4.2.0 and below
• Edumall theme: Versions 4.5.1 and below
 
Security Risks
 
Exploitation of vulnerabilities in WordPress themes and plugins may allow unauthenticated attackers to inject malicious code, escalate privileges, bypass authentication, and disrupt critical website functions. This can result in data exposure, operational downtime, and loss of service integrity.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
 
1. Update, as soon as possible, to the latest supported versions of all affected WordPress plugins to resolve known vulnerabilities and minimize the risk of exploitation.
 
The WordPress plugin versions available for upgrade include, but are not limited to:
 
Plugins:
 
 

Themes:
 
Zakra Theme: Upgrade to version 4.2.1 or above
Edumall Theme: Upgrade to version 4.5.2 or above
 
2. Before updating or patching, please ensure that you have the latest backup that can easily be restored.
 
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.
 
References

08 July 2026

© 2026 National Cyber Security Authority