Security Advisory - Published 2026-07-06 - WordPress / WooCommerce

WordPress July critical batch: check plugins, themes, accounts, uploads, and database signals

This batch covers critical WordPress plugin and theme issues reported around the July recovery window. The urgent checks are installed versions, public exposure, admin account changes, upload directories, and database errors.

Defensive scope: check systems you own or are approved to repair. This page avoids exploit steps and focuses on version checks, logs, patching, and cleanup decisions.

Affected CVEs in this batch

CVEProductAffectedReviewCVSS
CVE-2026-57624Blocksy Companion Pro<= 2.1.46plugin files, admin users, and server-side error logs10.0
CVE-2026-27419Zegen theme<= 1.1.9uploads, theme files, and subscriber activity9.9
CVE-2026-9711EventONvendor advisorycalendar search activity and database errors9.8
CVE-2026-57692PrivateContent<= 9.9.2role changes, private-area access, and new sessions9.8
CVE-2026-12073ProfileGrid<= 5.9.9.5administrator email changes, password resets, and registration logs9.8
CVE-2026-11387SMS Alert<= 3.9.5OTP flows, administrator changes, and WooCommerce order notifications9.8

What to check

  • Installed versions of Blocksy Companion Pro, Zegen theme, ProfileGrid, EventON, SMS Alert, and PrivateContent.
  • Administrator email changes, password reset events, OTP flows, WooCommerce notification settings, and new sessions.
  • Upload directories, theme files, plugin files, recently modified PHP files, and suspicious media records.
  • Calendar search activity, role changes, private-content access, and database errors during the exposure window.

Safe fix path

  1. Disable or patch the affected component before clearing cache.
  2. Preserve access logs, WordPress debug logs, security plugin logs, and a file listing for wp-content.
  3. Review administrator users, role changes, reset links, OTP settings, uploads, and modified plugin/theme files.
  4. Rotate administrator passwords, API keys, SMTP keys, and WooCommerce integration credentials if account integrity is uncertain.

Compromise indicators

  • New administrator sessions, changed administrator email addresses, or password resets that do not match real maintenance.
  • Unexpected PHP files in uploads, theme folders, cache folders, or plugin directories.
  • Database errors or long-running requests tied to calendar or search features.
  • Private content, order notifications, or OTP settings changed outside the normal change window.

When to ask Ping7 for repair

Use Ping7 CVE Repair when a WordPress site is public, account takeover is possible, uploads may contain executable files, or WooCommerce data needs review before reopening.

References