Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
WordPress Plugin Critical File Upload Vulnerability
BELL-CVE-2026-31705
Summary
A critical vulnerability in a popular WordPress plugin allows attackers to upload malicious files, potentially leading to site takeover or data theft. This affects WordPress sites that use the affected plugin. To protect your site, update the plugin to the latest version or remove it if possible.
What to do
- Update bellsoft linux-lts to version 6.12.85-r0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Alpaquita:23 | bellsoft | linux-lts | >= 6.1.170-r0 |
| Alpaquita:25 | bellsoft | linux-lts |
>= 6.12.81-r0, < 6.12.85-r0 Fix: upgrade to 6.12.85-r0
|
| Alpaquita:stream | bellsoft | linux-lts |
>= 6.12.80-r0, < 6.12.85-r0 Fix: upgrade to 6.12.85-r0
|
Original title
BELL-CVE-2026-31705
osv CVSS3.1
9.8
- https://docs.bell-sw.com/security/cves/CVE-2026-31705 Vendor Advisory
Published: 6 May 2026 · Updated: 29 May 2026 · First seen: 29 May 2026