Saturday , July 18 2026
WordPress

CVE-2026-60137, CVE-2026-63030
Patch immediately! 2 high severity WordPress flaws found

The WordPress security team received reports about these flaws:

CVE-2026-60137 : A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo

“PentestCode” AI Agent Automating Penetration Testing with 18 Tools

A new free tool is adding AI helpers into security work. PentestCode is a version of OpenCode made just for...
Read More
“PentestCode” AI Agent Automating Penetration Testing with 18 Tools

CVE-2026-60137, CVE-2026-63030
Patch immediately! 2 high severity WordPress flaws found

The WordPress security team received reports about these flaws: CVE-2026-60137 : A facilitated SQL injection issue reported as a team...
Read More
CVE-2026-60137, CVE-2026-63030  Patch immediately! 2 high severity WordPress flaws found

Windows LegacyHive 0, AWS, Fortinet, TP-LINK multiple flaws got hackers attention

A Windows security flaw called LegacyHive (MSNightmare) misuses the User Profile Service. This allows local users to gain higher privileges,...
Read More
Windows LegacyHive 0, AWS, Fortinet, TP-LINK multiple flaws got hackers attention

CVE-2026-53412
Zoom Warns of critical account takeover Flaw via Network Access

Zoom has issued updates for a flaw in the Windows desktop client, known as CVE-2026-53412. This issue may allow an...
Read More
CVE-2026-53412  Zoom Warns of critical account takeover Flaw via Network Access

India to built Mythos-like AI model “Sarvam AI” and “BharatGen” assigned

India is speeding up its work to make homegrown AI models for cybersecurity. These models will help protect important digital...
Read More
India to built Mythos-like AI model “Sarvam AI” and “BharatGen” assigned

Cursor, SonicWall, SharePoint 0-day exploited to the wild

A serious security flaw in Cursor, a popular AI code editor used by more than 7 million developers, lets attackers...
Read More
Cursor, SonicWall, SharePoint 0-day exploited to the wild

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft's Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June's big update,...
Read More
Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet fixes seven new security warnings on July 14, 2026. These affect FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The issues vary...
Read More
Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco...
Read More
CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

CVE-2026-63030 : A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at Assetnote / Searchlight Cyber

Which versions of WordPress are vulnerable?

WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.
WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.
The beta release of WordPress 7.1 is affected by both vulnerabilities. Version 7.1 beta2 has been released containing fixes for both.
Versions of WordPress prior to 6.8 are not affected.

Emergency temporary mitigation

If you can’t do that, Security Researchers at Searchlight Cyber suggest you can temporarily protect your instance by blocking anonymous access to the batch API by:

Installing a plugin that blocks anonymous access to the rest API entirely; or
Blocking /wp-json/batch/v1 and ?rest_route=/batch/v1 at a WAF level.
Note that both these solutions may have impact on legitimate use of the site and should only be considered emergency temporary measures until you can update.

Check Also

IOS

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, …