Security Advisory - Published 2026-07-06 - WordPress / WooCommerce
WordPress July critical batch: check plugins, themes, accounts, uploads, and database signals
This batch covers critical WordPress plugin and theme issues reported around the July recovery window. The urgent checks are installed versions, public exposure, admin account changes, upload directories, and database errors.
Affected CVEs in this batch
| CVE | Product | Affected | Review | CVSS |
|---|---|---|---|---|
| CVE-2026-57624 | Blocksy Companion Pro | <= 2.1.46 | plugin files, admin users, and server-side error logs | 10.0 |
| CVE-2026-27419 | Zegen theme | <= 1.1.9 | uploads, theme files, and subscriber activity | 9.9 |
| CVE-2026-9711 | EventON | vendor advisory | calendar search activity and database errors | 9.8 |
| CVE-2026-57692 | PrivateContent | <= 9.9.2 | role changes, private-area access, and new sessions | 9.8 |
| CVE-2026-12073 | ProfileGrid | <= 5.9.9.5 | administrator email changes, password resets, and registration logs | 9.8 |
| CVE-2026-11387 | SMS Alert | <= 3.9.5 | OTP flows, administrator changes, and WooCommerce order notifications | 9.8 |
What to check
- Installed versions of Blocksy Companion Pro, Zegen theme, ProfileGrid, EventON, SMS Alert, and PrivateContent.
- Administrator email changes, password reset events, OTP flows, WooCommerce notification settings, and new sessions.
- Upload directories, theme files, plugin files, recently modified PHP files, and suspicious media records.
- Calendar search activity, role changes, private-content access, and database errors during the exposure window.
Safe fix path
- Disable or patch the affected component before clearing cache.
- Preserve access logs, WordPress debug logs, security plugin logs, and a file listing for wp-content.
- Review administrator users, role changes, reset links, OTP settings, uploads, and modified plugin/theme files.
- Rotate administrator passwords, API keys, SMTP keys, and WooCommerce integration credentials if account integrity is uncertain.
Compromise indicators
- New administrator sessions, changed administrator email addresses, or password resets that do not match real maintenance.
- Unexpected PHP files in uploads, theme folders, cache folders, or plugin directories.
- Database errors or long-running requests tied to calendar or search features.
- Private content, order notifications, or OTP settings changed outside the normal change window.
When to ask Ping7 for repair
Use Ping7 CVE Repair when a WordPress site is public, account takeover is possible, uploads may contain executable files, or WooCommerce data needs review before reopening.