April 8-9, 2026 vulnerability digest: GDPR compliance plugin opens WordPress sites to unauthenticated RCE
by Artem Safonov
WordPress vulnerability digest for April 8–9: 17 new CVEs, with one CVSS 9.8 critical that turns a GDPR compliance helper into an unauthenticated RCE primitive. The DSGVO Google Web Fonts GDPR plugin has no patched version and should be removed …
Read more →