{"uuid": "f7de6d23-8280-47d4-9064-9c0bd66ae0db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11387", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116844254575740206", "content": "CVE-2026-11387 | SMS Alert \u2013 SMS &amp; OTP for WooCommerce &lt;=3.9.5 has a CRITICAL auth flaw (CVSS 9.8): Unauth attackers can take over any WP account if OTP resets &amp; phone numbers are enabled. Disable OTP resets ASAP. https://radar.offseq.com/threat/cve-2026-11387-cwe-287-improper-authentication-in--cb792a6868247a84 #OffSeq #WordPress #Infosec", "creation_timestamp": "2026-07-01T10:30:34.645846Z"}