<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-18T21:31:25.357036+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/eb341e88-d81b-4047-b033-279790073a63/export</id>
    <title>eb341e88-d81b-4047-b033-279790073a63</title>
    <updated>2026-07-18T21:31:25.384700+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "eb341e88-d81b-4047-b033-279790073a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/kotosecurity.bsky.social/post/3mqx5yezwym2e", "content": "\ud83d\udee1\ufe0f RECAP: WordPress 'wp2shell' \u2014 CVE-2026-63030 chained with CVE-2026-60137 gave unauthenticated RCE on a bare install. Emergency patch shipped (6.9.5/7.0.2 forced auto-update). Public PoC live. Src: The Hacker News", "creation_timestamp": "2026-07-18T21:02:12.706825Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/eb341e88-d81b-4047-b033-279790073a63/export"/>
    <published>2026-07-18T21:02:12.706825+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d12698d2-7dab-4ac8-997b-acec8f10b5e4/export</id>
    <title>d12698d2-7dab-4ac8-997b-acec8f10b5e4</title>
    <updated>2026-07-18T21:31:25.387307+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d12698d2-7dab-4ac8-997b-acec8f10b5e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/GithubRedTeam/94040", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #Vulnerability Scanner\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a abdal-cve-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ebrasha\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 20:02:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAbdal CVE-2026-63030 is a professional WordPress vulnerability scanner designed to detect exposure to CVE-2026-63030 through version analysis and REST API security checks. Developed by Ebrahim Shafiei (EbraSha) for cybersecurity research, penetration testing, and WordPress security assessment.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T21:00:03.823678Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d12698d2-7dab-4ac8-997b-acec8f10b5e4/export"/>
    <published>2026-07-18T21:00:03.823678+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ee13a476-a83d-48fc-bab3-fa0f5ec20955/export</id>
    <title>ee13a476-a83d-48fc-bab3-fa0f5ec20955</title>
    <updated>2026-07-18T21:31:25.387409+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ee13a476-a83d-48fc-bab3-fa0f5ec20955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/GithubRedTeam/94036", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a WordPresShell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a securelayer7\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 19:57:45\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth RCE PoC for CVE-2026-63030 / CVE-2026-60137 (WordPress core)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T21:00:03.719122Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ee13a476-a83d-48fc-bab3-fa0f5ec20955/export"/>
    <published>2026-07-18T21:00:03.719122+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6bd1e42d-9c79-4c9e-a3da-2c64de23bfca/export</id>
    <title>6bd1e42d-9c79-4c9e-a3da-2c64de23bfca</title>
    <updated>2026-07-18T21:31:25.387479+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6bd1e42d-9c79-4c9e-a3da-2c64de23bfca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94031", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #POC #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-poc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a yoerivegt\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 19:02:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nwp2shell (CVE-2026-60137 / CVE-2026-63030)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:04.181776Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6bd1e42d-9c79-4c9e-a3da-2c64de23bfca/export"/>
    <published>2026-07-18T20:00:04.181776+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9bb515b7-e858-4660-98db-f0565ecd4121/export</id>
    <title>9bb515b7-e858-4660-98db-f0565ecd4121</title>
    <updated>2026-07-18T21:31:25.387543+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9bb515b7-e858-4660-98db-f0565ecd4121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/GithubRedTeam/94024", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell_scanner\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a zi3lak\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 17:56:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive detection scanner for the WordPress wp2shell pre-auth RCE chain (CVE-2026-63030 + CVE-2026-60137). Detection-only, no exploitation.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:04.072045Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9bb515b7-e858-4660-98db-f0565ecd4121/export"/>
    <published>2026-07-18T20:00:04.072045+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0aa98fe4-ea9b-4aaf-8aa2-7775d14bb25f/export</id>
    <title>0aa98fe4-ea9b-4aaf-8aa2-7775d14bb25f</title>
    <updated>2026-07-18T21:31:25.387614+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0aa98fe4-ea9b-4aaf-8aa2-7775d14bb25f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94025", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xWhoknows\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 17:33:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAutomated exploit chain for CVE-2026-63030 / CVE-2026-60137 \u2014 unauthenticated blind SQLi via WordPress REST batch route-confusion. Dumps user hashes, cracks credentials, deploys webshell. Supports single target and bulk site lists. For authorized security testing only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:03.996620Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0aa98fe4-ea9b-4aaf-8aa2-7775d14bb25f/export"/>
    <published>2026-07-18T20:00:03.996620+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/01989d2c-051d-4a7b-b244-c0b335eef230/export</id>
    <title>01989d2c-051d-4a7b-b244-c0b335eef230</title>
    <updated>2026-07-18T21:31:25.387678+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "01989d2c-051d-4a7b-b244-c0b335eef230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94030", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-63030-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mrx-arafat\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 17:21:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:03.909368Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/01989d2c-051d-4a7b-b244-c0b335eef230/export"/>
    <published>2026-07-18T20:00:03.909368+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/727c5ae7-f5c7-428f-8327-b49ecf76cfd1/export</id>
    <title>727c5ae7-f5c7-428f-8327-b49ecf76cfd1</title>
    <updated>2026-07-18T21:31:25.387747+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "727c5ae7-f5c7-428f-8327-b49ecf76cfd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwythttjh2u", "content": "CVE-2026-63030: WordPress wp2shell Exploits\u2014Panic or Proactive Response? #CVE2026 #WordPress #CyberSecurity", "creation_timestamp": "2026-07-18T19:29:59.536536Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/727c5ae7-f5c7-428f-8327-b49ecf76cfd1/export"/>
    <published>2026-07-18T19:29:59.536536+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cdd3ab0c-51b8-4984-b6a6-d2bfbe020b1e/export</id>
    <title>cdd3ab0c-51b8-4984-b6a6-d2bfbe020b1e</title>
    <updated>2026-07-18T21:31:25.387806+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cdd3ab0c-51b8-4984-b6a6-d2bfbe020b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwytdoirq2g", "content": "CVE-2026-63030: WordPress wp2shell RCE Exploits Highlight Patch Urgency #WordPress #CVE2026 #CyberSecurity", "creation_timestamp": "2026-07-18T19:29:55.238279Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cdd3ab0c-51b8-4984-b6a6-d2bfbe020b1e/export"/>
    <published>2026-07-18T19:29:55.238279+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f6216559-3673-4d8d-93e2-eb331129b461/export</id>
    <title>f6216559-3673-4d8d-93e2-eb331129b461</title>
    <updated>2026-07-18T21:31:25.387865+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f6216559-3673-4d8d-93e2-eb331129b461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwytaiwxw2l", "content": "CVE-2026-63030: WordPress Core Flaws Expose Over 500 Million Sites\u2014Update Required #WordPress #CyberSecurity #CVE2026", "creation_timestamp": "2026-07-18T19:29:52.101428Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f6216559-3673-4d8d-93e2-eb331129b461/export"/>
    <published>2026-07-18T19:29:52.101428+00:00</published>
  </entry>
</feed>
