As we kick off 2026, the threat landscape for automation and CMS platforms is already heating up. Several high-severity vulnerabilities have been identified in WordPress and n8n that require immediate attention from developers and sysadmins.
1. n8n: The “N8scape” Sandbox Bypass (CVE-2025-68668)
A critical vulnerability has been disclosed in the popular automation tool n8n. Codenamed N8scape, it is rated CVSS 9.9 (critical).
- The Risk: A sandbox bypass in the Python Code Node (which runs on Pyodide) lets any authenticated user escape the restricted environment and execute arbitrary system commands on the host machine, with the privileges of the n8n process. That also exposes everything the instance holds, including the stored credentials for every connected service.
- Affected Versions: All versions from 1.0.0 up to (but not including) 2.0.0.
- The Fix: Update immediately to n8n v2.0.0 or later, which introduces a task-runner-based security model that moves Code Node execution out of the main n8n process.
- Quick Mitigation: If you cannot update, disable the Code Node (for example by listing n8n-nodes-base.code in NODES_EXCLUDE) or set N8N_PYTHON_ENABLED=false in your environment variables. The second option only removes the Python runtime; JavaScript Code Nodes keep running.
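As an added example (not part of the advisory or of n8n itself), here is a small preflight script for a self-hosted instance that checks the points above: whether the running version falls in the affected range, whether N8N_PYTHON_ENABLED is still on while the version is vulnerable, and, from the hardening checklist further down, whether N8N_RUNNERS_ENABLED is set and whether the process runs as root. The defaults it assumes for missing variables (Python enabled, runners disabled) and the wording of the findings are this example's own.

```python
"""Preflight check for a self-hosted n8n instance against the N8scape advisory.

Added example for this article, not n8n's own tooling. It takes the running
version, the process environment (paste from `docker inspect` or `env`) and the
UID the process runs as, and returns a list of findings. N8N_PYTHON_ENABLED and
N8N_RUNNERS_ENABLED are the variables named in the article; the affected range
(>= 1.0.0, < 2.0.0) is from the advisory. Assumptions: n8n treats a missing
N8N_PYTHON_ENABLED as 'true' and a missing N8N_RUNNERS_ENABLED as 'false'.
"""
import os
import re
import sys

AFFECTED_MIN = (1, 0, 0)   # first affected release
FIXED = (2, 0, 0)          # task-runner security model lands here


def parse_version(v: str) -> tuple:
    """Reduce '1.112.3' or 'v2.0.0-rc1' to (major, minor, patch).

    Pre-release suffixes are ignored, so a 2.0.0 release candidate is treated
    as fixed; check the advisory if you run pre-releases.
    """
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def env_flag(env: dict, name: str, default: bool) -> bool:
    """n8n boolean settings are the strings 'true' / 'false'."""
    raw = env.get(name)
    if raw is None:
        return default
    return raw.strip().lower() == "true"


def assess_n8n(version: str, env: dict, uid: int) -> list:
    """Return findings ordered worst-first; an empty list means nothing to do."""
    ver = parse_version(version)
    vulnerable = AFFECTED_MIN <= ver < FIXED
    python_on = env_flag(env, "N8N_PYTHON_ENABLED", default=True)    # assumed default
    runners_on = env_flag(env, "N8N_RUNNERS_ENABLED", default=False)  # assumed default

    findings = []
    if vulnerable:
        findings.append(
            f"CRITICAL: n8n {version} is in the affected range for CVE-2025-68668 "
            "(>= 1.0.0, < 2.0.0); upgrade to 2.0.0 or later"
        )
        if python_on:
            findings.append(
                "CRITICAL: Python Code Node is enabled on a vulnerable version; "
                "set N8N_PYTHON_ENABLED=false (or exclude the Code Node) until upgraded"
            )
    if not runners_on:
        findings.append(
            "WARN: N8N_RUNNERS_ENABLED is not 'true'; enable task runners so "
            "Code Node execution is isolated from the main n8n process"
        )
    if uid == 0:
        findings.append(
            "WARN: n8n is running as root (uid 0); run it under a dedicated "
            "low-privilege user so a sandbox escape does not hand over the host"
        )
    return findings


if __name__ == "__main__":
    # Usage: python n8n_preflight.py <n8n-version>, run inside the n8n container
    # or with its environment loaded. os.getuid() is POSIX-only.
    version = sys.argv[1] if len(sys.argv) > 1 else "unknown"
    uid = os.getuid() if hasattr(os, "getuid") else -1
    for line in assess_n8n(version, dict(os.environ), uid) or ["OK: no findings"]:
        print(line)
```

Run it with the instance's real environment loaded (for Docker, `docker exec` into the container and pass the version from `n8n --version`); a vulnerable version with Python still enabled yields two CRITICAL lines, an upgraded instance with runners on and a non-root user yields none.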
2. WordPress: Plugin & Phishing Escalation
While WordPress core remains stable, the ecosystem is seeing a surge in sophisticated attacks targeting plugins and administrators.
- Critical Plugin Patches: Recent vulnerabilities (CVE-2025-15001 and others) in widely used plugins such as FS Registration Password and LearnPress allow unauthenticated privilege escalation and account takeover. Patch these first.
- The “Renewal” Phishing Wave: A sophisticated phishing campaign is currently targeting WordPress admins with fake “Domain Renewal” emails. The links lead to convincing lookalike portals that relay the entered 2FA codes and credit card data to the operators in real time through Telegram bots, so a one-time code is used before it expires.
- Action Plan: Audit your plugin list. A plugin that hasn’t been updated since late 2025 may be a “ticking time bomb”: confirm it is still maintained or remove it. Move admin accounts to phishing-resistant MFA such as a hardware key (YubiKey or another FIDO2/WebAuthn authenticator); a relayed TOTP code still works, but a WebAuthn credential is bound to the real site’s origin and will not sign a challenge from a lookalike domain.
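One way to script that plugin audit, added here as an illustration rather than anything from WordPress or WP-CLI: it takes the JSON that `wp plugin list --format=json --fields=name,status,version,update,update_version` prints, joins it with each plugin's last release date (which you would fetch separately, for instance from the wordpress.org plugin information API; here the dates, versions and plugin records are constructed for the demo) and reports plugins that have an update pending, have no known release since the cutoff, or are installed but inactive.

```python
"""Plugin audit for a WordPress site, driven by WP-CLI output.

Added example for this article, not WP-CLI or WordPress code. Input is the JSON
from `wp plugin list --format=json --fields=name,status,version,update,update_version`
(those field names are WP-CLI's). The per-plugin last-release dates are assumed
to have been looked up separately (for example from the wordpress.org plugin
information API) and normalised to datetime.date by the caller. The sample
records below are constructed; versions and dates are made up for the demo.
"""
import json
from datetime import date

STALE_CUTOFF = date(2025, 10, 1)   # "not updated since late 2025"; tune to taste


def audit_plugins(wp_cli_json: str, last_released: dict, today: date) -> list:
    """Return one finding per plugin that needs attention, most reasons first."""
    findings = []
    for plugin in json.loads(wp_cli_json):
        name = plugin["name"]
        reasons = []

        if plugin.get("update") == "available":
            reasons.append(
                f"update available: {plugin.get('version')} -> {plugin.get('update_version', '?')}"
            )

        released = last_released.get(name)
        if released is None:
            reasons.append("no release date known: removed from the directory, or a custom plugin?")
        elif released < STALE_CUTOFF:
            reasons.append(f"last release {released.isoformat()} ({(today - released).days} days ago)")

        if plugin.get("status") == "inactive":
            reasons.append("inactive but still installed: the code is still on disk; remove if unused")

        if reasons:
            findings.append({"plugin": name, "status": plugin.get("status"), "reasons": reasons})

    return sorted(findings, key=lambda f: (-len(f["reasons"]), f["plugin"]))


# Constructed sample in the shape of `wp plugin list --format=json`; values invented.
SAMPLE_WP_CLI = json.dumps([
    {"name": "learnpress", "status": "active", "version": "4.2.0",
     "update": "available", "update_version": "4.2.1"},
    {"name": "fs-registration-password", "status": "inactive", "version": "1.0",
     "update": "none"},
    {"name": "akismet", "status": "active", "version": "5.3", "update": "none"},
])
SAMPLE_RELEASES = {           # constructed; look the real dates up yourself
    "learnpress": date(2026, 1, 5),
    "akismet": date(2025, 12, 1),
}


def demo() -> list:
    """Audit the constructed sample as of 2026-01-12."""
    return audit_plugins(SAMPLE_WP_CLI, SAMPLE_RELEASES, date(2026, 1, 12))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['plugin']} ({f['status']})")
        for r in f["reasons"]:
            print(f"  - {r}")
```

On the sample the inactive plugin with no known release date sorts first, followed by the one with a pending update; the actively maintained plugin produces no finding.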
🛡️ How to Stay Secure in 2026
- Update n8n to v2.x: The architectural shift in v2.0.0 is specifically designed to isolate code execution.
- Zero-Trust for Plugins: Only use WordPress plugins that have confirmed compatibility with the latest PHP versions and have active security maintenance.
- Environment Hardening: For self-hosted n8n instances, ensure the process runs under a low-privilege user and set N8N_RUNNERS_ENABLED=true so Code Node execution happens in a separate task-runner process rather than inside the main n8n process.
- Monitor Your Logs: Watch for unusual POST requests to wp-admin (and to wp-login.php and xmlrpc.php, the other endpoints brute-force and credential-stuffing tools hit) and for unexpected system-level calls in your automation logs.
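An added example for the log monitoring item (not code from the article): a detector over nginx/Apache combined-format access log lines that flags POSTs to wp-login.php, xmlrpc.php or wp-admin/ from an IP that never loaded the page with a GET first, and more than ten such POSTs from one IP inside a sliding sixty-second window. The log lines, IP addresses and thresholds are constructed for the demo.

```python
"""Flag suspicious POSTs to WordPress admin and login endpoints in an access log.

Added example for this article, not WordPress code. It reads nginx/Apache
combined-format lines and raises two kinds of alert per source IP: a POST to a
watched endpoint from an IP that never fetched one with GET first (browsers load
the login form before submitting it; credential-stuffing tools usually do not),
and more than MAX_POSTS_PER_WINDOW POSTs inside a sliding window. The sample
log lines and the thresholds are constructed; tune them to your own traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
WATCHED = re.compile(r"^/(wp-login\.php|xmlrpc\.php|wp-admin/)")
WINDOW_SECONDS = 60
MAX_POSTS_PER_WINDOW = 10


def parse_line(line: str):
    """Return (ip, timestamp, method, path-without-query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def detect(lines) -> list:
    """One alert per (ip, rule); lines are expected in log order."""
    alerts = []
    fired = set()                       # (ip, rule) already reported
    recent = defaultdict(deque)         # ip -> timestamps of watched POSTs in window
    fetched_form = set()                # ips that did a GET to a watched path

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # status is kept for follow-up rules (a 302 after a run of 200s on
        # wp-login.php means the guessing stopped because a password worked)
        ip, ts, method, path, status = rec
        if not WATCHED.match(path):
            continue
        if method == "GET":
            fetched_form.add(ip)
            continue
        if method != "POST":
            continue

        if ip not in fetched_form and (ip, "post-without-get") not in fired:
            fired.add((ip, "post-without-get"))
            alerts.append({"ip": ip, "rule": "post-without-get",
                           "path": path, "ts": ts.isoformat()})

        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_POSTS_PER_WINDOW and (ip, "post-rate") not in fired:
            fired.add((ip, "post-rate"))
            alerts.append({"ip": ip, "rule": "post-rate",
                           "count": len(window), "ts": ts.isoformat()})
    return alerts


def sample_log() -> list:
    """Constructed: one legitimate admin login, then a scripted login flood."""
    ua = '"-" "Mozilla/5.0"'
    lines = [
        f'198.51.100.4 - - [12/Jan/2026:09:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 {ua}',
        f'198.51.100.4 - - [12/Jan/2026:09:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 {ua}',
        f'198.51.100.4 - - [12/Jan/2026:09:00:20 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 87 {ua}',
    ]
    for i in range(12):
        lines.append(
            f'203.0.113.7 - - [12/Jan/2026:09:01:{2 * i:02d} +0000] '
            f'"POST /wp-login.php HTTP/1.1" 200 2310 "-" "python-requests/2.31"'
        )
    return lines


if __name__ == "__main__":
    for a in detect(sample_log()):
        print(a)
```

On the sample, the admin at 198.51.100.4 triggers nothing (GET, then POST, then an admin-ajax heartbeat), while 203.0.113.7 produces a post-without-get alert on its first POST and a post-rate alert when its eleventh POST lands inside the window. Feed real lines with `detect(open("/var/log/nginx/access.log"))` and expect to raise the rate threshold on busy sites.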
Cybersecurity is a moving target. Don’t let your automation and content platforms be the entry point for an attacker.