← All briefings
Daily security briefing — 2026-07-11
On July 11, 2026, there were no new advisories from CERT or PSIRT, but 55 CVEs were published, with several notable vulnerabilities affecting WordPress plugins. High-severity vulnerabilities include CVE-2026-1359, CVE-2026-15155, and CVE-2025-6784, all rated 8.8 on the CVSS scale, which expose various plugins to unauthorized modifications and remote code execution. Other significant vulnerabilities include CVE-2026-2354, CVE-2026-14262, and CVE-2026-13353, also rated 8.8, highlighting risks such as arbitrary file uploads and authentication bypass. Additionally, CVE-2026-7655, rated 8.1, presents a privilege escalation risk in the SureCart plugin. Teams should prioritize patching these vulnerabilities to mitigate potential threats.
Notable CVEs
Highest-severity CVEs published this day from the NVD and GitHub Advisory firehose — the sharpest items behind the day’s numbers.
- highCVE-2026-1359CVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized mCVSS 8.8
- highCVE-2026-15155CVE-2026-15155: The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPresCVSS 8.8
- highCVE-2025-6784CVE-2025-6784: The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up CVSS 8.8
- highCVE-2026-2354CVE-2026-2354: The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a fCVSS 8.8
- highCVE-2026-14262CVE-2026-14262: The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerCVSS 8.8
- highCVE-2026-13353CVE-2026-13353: The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPCVSS 8.8
- highCVE-2026-13756CVE-2026-13756: The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versionsCVSS 8.8
- highCVE-2026-7655CVE-2026-7655: The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover inCVSS 8.1
- highCVE-2026-4661CVE-2026-4661: The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerabCVSS 7.5
- highCVE-2026-15335CVE-2026-15335: The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' FoCVSS 7.5
- highCVE-2026-9282CVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions upCVSS 7.5
- highCVE-2026-15338CVE-2026-15338: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File IncluCVSS 7.5
Get this briefing by email. One free message every morning after 06:00 UTC — same data, zero noise, one-click unsubscribe.
Subscribe. Tracking specific products instead? Watch them from any
product page and get alerted only when they ship a new advisory.