Casablanca – Morocco’s Directorate General for Information Systems Security (DGSSI) has issued a security bulletin warning about vulnerabilities affecting several WordPress plugins.
The alert was published on March 13, 2026, under reference number 62021303/26. Authorities classified both the risk and the potential impact as important.
The bulletin states that multiple security flaws were identified and corrected in certain WordPress plugins. According to the advisory, the vulnerabilities affect WooCommerce versions earlier than 1.6.0, Ally versions earlier than 4.1.0, and wpDiscuz versions earlier than 7.6.47.
If exploited, the flaws could allow attackers to run malicious code remotely on affected systems. The DGSSI said such attacks may also enable unauthorized users to upload or delete files on a website, gain access to administrator accounts, or obtain confidential information stored on the system. In some cases, the vulnerabilities could lead to a full compromise of the targeted website.
The bulletin references several publicly identified vulnerabilities associated with the issue, including CVE-2026-3891, CVE-2026-2413, CVE-2026-22193, and CVE-2026-22202.
DGSSI, operating under the Administration of National Defense, warned that exploiting these weaknesses could lead to the remote execution of arbitrary code, the elevation of privileges, unauthorized access to sensitive information, and the compromise of websites using the affected plugins.
Authorities advised website administrators to consult the official WordPress security bulletins for further technical details and guidance.
The advisory also points to several external resources providing information about the vulnerabilities, including reports published by the cybersecurity platform Wordfence and documentation available on the official WordPress plugin repository.
The DGSSI operates a monitoring, detection, and response center dedicated to tracking cyber threats and issuing alerts related to vulnerabilities affecting digital systems.