French DGSSI warns of critical vulnerabilities in popular WordPress plugins
France's DGSSI (Direction générale de la sécurité des systèmes d’information), part of the national defense administration, has issued a warning regarding serious security flaws in several widely used WordPress plugins.
In its security bulletin 62021303/26, the DGSSI emphasized that these vulnerabilities could expose websites—including e-commerce platforms and news portals—to cyberattacks if updates are not applied promptly. The agency classified the severity of these flaws as “high,” noting that attackers could gain extended privileges on affected systems.
Among the most affected plugins are WooCommerce, a platform for managing online stores; Ally, designed to improve web accessibility; and wpDiscuz, a popular comment management system. Technical analyses indicate that these vulnerabilities may allow remote code execution (RCE), privilege escalation, and arbitrary file modification, putting both server integrity and user data at risk.
Specific security references include CVE-2026-3891, which could allow attackers to delete or add files and access administrator accounts. Exploitation could compromise databases and expose sensitive user and client information.
The DGSSI has urged administrators in both public institutions and private companies to immediately update affected plugins to secure versions. Recommended practices also include regular software updates, server activity monitoring, and robust database protection to mitigate the risk of cyberattacks and strengthen digital infrastructure security.
-
17:30
-
17:15
-
17:00
-
16:45
-
16:30
-
16:15
-
16:00
-
15:45
-
15:30
-
15:15
-
15:00
-
14:45
-
14:30
-
14:15
-
14:00
-
13:45
-
13:30
-
13:15
-
13:01
-
12:50
-
12:45
-
12:30
-
12:15
-
12:00
-
11:45
-
11:30
-
11:15
-
11:00
-
10:45
-
10:30
-
10:15
-
10:00
-
09:45
-
09:30
-
09:15
-
09:00
-
08:45
-
08:30
-
08:15
-
08:00
