CVE-2026-39449

If you're running any of these 20 plugins, you need to deactivate and delete them immediately. Critical vulnerabilities were disclosed today and the authors have either abandoned the projects or just flat-out refused to patch them.

Create DB Tables – CVE-2026-4119

FunnelFormsPro – CVE-2026-39440

Contact Form to Any API – CVE-2026-39449

Plugin: CMS für Motorrad Werkstätten – CVE-2026-6674

Bread & Butter: AI-Powered Lead Intelligence – CVE-2026-4279

CI HUB Connector – CVE-2026-4353

Posts map – CVE-2026-6236

Quran Live Multilanguage – CVE-2026-4074

Switch CTA Box – CVE-2026-4088

Text Snippets – CVE-2026-5748

Twittee Text Tweet – CVE-2026-4089

HTTP Headers – CVE-2026-2717 and CVE-2026-1379

Real Estate Pro – CVE-2026-1845

CalJ Shabbat Times – CVE-2026-4117

Private WP suite – CVE-2026-2719

Sentence To SEO – CVE-2026-4142

Fast & Fancy Filter – 3F – CVE-2026-6396

Ni WooCommerce Order Export – CVE-2026-4140

TextP2P Texting Widget – CVE-2026-4133

Our r/StopBadBots crew never stops fingerprinting the bad actors. You better start spinning up your own defense too.