https://vulnerability.circl.lu/sightings/feed 2026-06-24T22:10:19.422268+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/d8295e3a-3848-4af9-a2e8-5cedf368bcab/export 2026-06-24T22:10:19.439933+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d8295e3a-3848-4af9-a2e8-5cedf368bcab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mnfydurlxt2l", "content": "Critical 98 Kirki Plugin Flaw Exploited in the Wild \u2014 Over 150K WordPress Sites at Risk of Complete Admin Takeover +\u00a0Video\n\nIntroduction: A critical vulnerability designated CVE-2026-8206 with a CVSS score of 9.8 has been discovered in the Kirki \u2013 Freeform Page Builder, Website Builder & Customizer\u2026", "creation_timestamp": "2026-06-03T20:50:26.079215Z"} 2026-06-03T20:50:26.079215+00:00 https://vulnerability.circl.lu/sighting/16788b4c-517a-41a6-b04a-5b940230a297/export 2026-06-24T22:10:19.439814+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "16788b4c-517a-41a6-b04a-5b940230a297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mng4d727q22h", "content": "Critical Kirki flaw exploited to hijack WordPress admin accounts\n\nHackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]\n#hackernews #news", "creation_timestamp": "2026-06-03T22:01:38.344644Z"} 2026-06-03T22:01:38.344644+00:00 https://vulnerability.circl.lu/sighting/e4ca24da-bd26-4712-b3da-c45afd3fa6fe/export 2026-06-24T22:10:19.438774+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "e4ca24da-bd26-4712-b3da-c45afd3fa6fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://dnsc.ro/citeste/alerta-vulnerabilitate-critica-la-nivelul-plugin-ului-wordpress-kirki", "content": "", "creation_timestamp": "2026-06-04T03:19:04.000000Z"} 2026-06-04T03:19:04+00:00 https://vulnerability.circl.lu/sighting/8619856f-8124-4dee-b64c-8c971d10182c/export 2026-06-24T22:10:19.438652+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "8619856f-8124-4dee-b64c-8c971d10182c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://bsky.app/profile/cwealthsentinel.bsky.social/post/3mnitm35b7o2x", "content": "Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.", "creation_timestamp": "2026-06-05T00:03:31.248603Z"} 2026-06-05T00:03:31.248603+00:00 https://vulnerability.circl.lu/sighting/41c415a1-0bb0-4973-8207-43e7f7eb29b3/export 2026-06-24T22:10:19.438533+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "41c415a1-0bb0-4973-8207-43e7f7eb29b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "Telegram/RwJKjP0hmLSY4_8--kRvPD8WFGr06KWtQNe3VA43hzgYOlg", "content": "", "creation_timestamp": "2026-06-05T11:00:12.000000Z"} 2026-06-05T11:00:12+00:00 https://vulnerability.circl.lu/sighting/48af6220-1bfb-40a1-90fc-1bb82945c088/export 2026-06-24T22:10:19.438414+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "48af6220-1bfb-40a1-90fc-1bb82945c088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://bsky.app/profile/eatransform.bsky.social/post/3mno6lo36g42c", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3Kirki\u306b\u91cd\u5927\u306a\u8106\u5f31\u6027\u30fb50\u4e07\u30b5\u30a4\u30c8\u304c\u7ba1\u7406\u8005\u4e57\u3063\u53d6\u308a\u306e\u30ea\u30b9\u30af\u3010CVE-2026-8206\u3011", "creation_timestamp": "2026-06-07T03:03:27.425702Z"} 2026-06-07T03:03:27.425702+00:00 https://vulnerability.circl.lu/sighting/0d742038-4a23-4282-a38f-361ed774cf51/export 2026-06-24T22:10:19.438297+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "0d742038-4a23-4282-a38f-361ed774cf51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mnrvn345pz2g", "content": "A critical vulnerability (CVE-2026-8206) in the Kirki WordPress plugin affects over 500,000 websites, with around 150,000 actively vulnerable. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to escalate privileges via a flawed password reset mechanism.", "creation_timestamp": "2026-06-08T14:33:51.358147Z"} 2026-06-08T14:33:51.358147+00:00 https://vulnerability.circl.lu/sighting/1098d651-9c02-479f-aa9d-9d19da7ac6a6/export 2026-06-24T22:10:19.438171+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "1098d651-9c02-479f-aa9d-9d19da7ac6a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mo4ny3b3ob2f", "content": "CVE-2026-8206 kirki (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept #kirki", "creation_timestamp": "2026-06-12T21:16:06.729244Z"} 2026-06-12T21:16:06.729244+00:00 https://vulnerability.circl.lu/sighting/ee6036fb-1341-4c67-9f66-a00bcef1dc9a/export 2026-06-24T22:10:19.438021+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "ee6036fb-1341-4c67-9f66-a00bcef1dc9a", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/345b6811-3cdc-4037-ba3a-7ebeb5e8a04a", "content": "", "creation_timestamp": "2026-06-19T12:45:10.873386Z"} 2026-06-19T12:45:10.873386+00:00 https://vulnerability.circl.lu/sighting/ede73c0b-a2a6-4f83-aa96-0573390dff90/export 2026-06-24T22:10:19.436109+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "ede73c0b-a2a6-4f83-aa96-0573390dff90", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8206", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/66744c07-8d93-4754-917a-e13e9c33ca75", "content": "", "creation_timestamp": "2026-06-23T14:03:02.454391Z"} 2026-06-23T14:03:02.454391+00:00