Security
SPIP Vulnerability: Update to 4.4.14 Now
By Steven | TrustYourWebsite2 min read
Source: CERT-FR
What happened
France's cybersecurity authority CERT-FR has issued an advisory warning of multiple vulnerabilities in SPIP, the open-source content management system. According to CERT-FR advisory CERTFR-2026-AVI-0564, published on 12 May 2026, the vulnerabilities affect all SPIP versions prior to 4.4.14.
The core risk is serious: the vulnerabilities allow an attacker to perform remote arbitrary code execution. In plain terms, this means someone outside your organisation could potentially run malicious code on your server without needing physical access to it.
Who is affected
If your website runs on SPIP and you have not yet updated to version 4.4.14, your site may be at risk. CERT-FR advises users to apply the vendor's security bulletin to obtain the necessary patches. The fixed version is SPIP 4.4.14.
What you should do
According to CERT-FR, the recommended action is straightforward: update SPIP to version 4.4.14. To do this:
- Check your SPIP version. Log in to your SPIP admin panel and look for the version number, usually displayed in the dashboard or settings area.
- Apply the update. Follow the instructions in the SPIP security bulletin to install the patched version.
- If you use a web developer or agency, contact them today and ask them to confirm your SPIP installation is running version 4.4.14 or later.
If you are unsure whether your website uses SPIP, your web developer or hosting provider can check this for you.
Keeping your site secure
Vulnerabilities like this are a reminder that keeping your website software up to date is one of the most important things you can do for your business. Outdated software is one of the most common entry points for attackers. Our security checklist for small businesses walks you through the basics, and our guide on vulnerable plugins and software explains what to look out for more broadly.
What does this mean for your website?
If your website runs on SPIP, this advisory applies to you directly and updating to version 4.4.14 should be your priority this week. Under UK GDPR and the Data Protection Act 2018, you have a responsibility to keep personal data secure, and running software with known vulnerabilities could put you in breach of that obligation. Taking action now is both a practical and a legal safeguard for your business.
Check your website now
Free website scan covering GDPR, copyright, accessibility, security, and more.
Start free checkRelated articles
Security
Spring 2026 web security roundup: what changed in 6 weeks
SPIP, Spring, NGINX, cPanel, Let's Encrypt, MD5, Windows worm CVEs and a WordPress backdoor — a grounded recap of late April to mid May 2026.
4 min read
Security
Four WordPress plugin vulnerabilities disclosed in March-April 2026
MW WP Form, Perfmatters, Tutor LMS Pro and Smart Slider 3 each had a security bug disclosed this spring. What needs updating, and how urgent.
3 min read
Security
Spring Vulnerabilities: CERT-FR Advisory on Security Risks
CERT-FR published advisory CERTFR-2026-AVI-0554 on 11 May 2026 reporting multiple vulnerabilities in Spring products, including risks of remote code execution, remote denial of service, and data…
2 min read