Is CVE-2026-10735 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-10735 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-10735 affect?

CVE-2026-10735 affects WordPress.

Vulnerability intelligence

CVE-2026-10735

Attackers infiltrated ShapedPlugin's release process, injecting credential-stealing malware into Pro plugin updates distributed through official channels. CVE-2026-10735, CVSS 9.8.

WordPress 2026

What WebPulse reported · 1 analysis

ShapedPlugin Backdoor: 400K WordPress Sites Exposed Through a Compromised Build Pipeline.

Attackers infiltrated ShapedPlugin's release process, injecting credential-stealing malware into Pro plugin updates distributed through official channels. CVE-2

June 25, 2026

View CVE-2026-10735 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-8206 CVE-2026-8181 CVE-2026-3844 CVE-2026-10795 CVE-2026-4020 CVE-2026-1293 CVE-2026-8732 CVE-2026-4798