<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 19 Jul 2026 06:29:25 +0000</lastBuildDate>
    <item>
      <title>15056f9d-2a60-49b7-b917-81251d488ae1</title>
      <link>https://vulnerability.circl.lu/sighting/15056f9d-2a60-49b7-b917-81251d488ae1/export</link>
      <description>{"uuid": "15056f9d-2a60-49b7-b917-81251d488ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://t.me/cyberbannews_ir/22721", "content": "\ud83d\udd34 \u0647\u0634\u062f\u0627\u0631 \u0627\u0645\u0646\u06cc\u062a\u06cc\u061b \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 \u062f\u0631 \u0648\u0631\u062f\u067e\u0631\u0633 \u0628\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\n\n\ud83d\udd3b \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc CVE-2026-60137 \u0648 CVE-2026-63030 \u062f\u0631 \u0648\u0631\u062f\u067e\u0631\u0633 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u062f\u0631 \u0635\u0648\u0631\u062a \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0647\u0645\u0632\u0645\u0627\u0646\u060c \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0631\u0627 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.\n\n\ud83d\udd3b \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0646\u0645\u0648\u0646\u0647 \u06a9\u062f \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 (PoC) \u0628\u0627 \u0646\u0627\u0645 wp2shell \u0646\u06cc\u0632 \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\u0647 \u0648 \u062e\u0637\u0631 \u062d\u0645\u0644\u0627\u062a \u0631\u0627 \u0627\u0641\u0632\u0627\u06cc\u0634 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a.\n\n\ud83d\udd39 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 6.9.5 \u0648 7.0.2 \u0648\u0631\u062f\u067e\u0631\u0633 \u0631\u0627 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u0648 \u0628\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a\u200c\u0647\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u0647\u0631\u0686\u0647 \u0633\u0631\u06cc\u0639\u200c\u062a\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc\u062f \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u0646\u062f.\n\n#\u062a\u0647\u062f\u06cc\u062f_\u0633\u0627\u06cc\u0628\u0631\u06cc #\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc #\u0648\u0631\u062f\u067e\u0631\u0633\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83d\udd39\ud83d\udd39 @cyberbannews_ir", "creation_timestamp": "2026-07-19T06:00:03.295934Z"}</description>
      <content:encoded>{"uuid": "15056f9d-2a60-49b7-b917-81251d488ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://t.me/cyberbannews_ir/22721", "content": "\ud83d\udd34 \u0647\u0634\u062f\u0627\u0631 \u0627\u0645\u0646\u06cc\u062a\u06cc\u061b \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 \u062f\u0631 \u0648\u0631\u062f\u067e\u0631\u0633 \u0628\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\n\n\ud83d\udd3b \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc CVE-2026-60137 \u0648 CVE-2026-63030 \u062f\u0631 \u0648\u0631\u062f\u067e\u0631\u0633 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u062f\u0631 \u0635\u0648\u0631\u062a \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0647\u0645\u0632\u0645\u0627\u0646\u060c \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0631\u0627 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.\n\n\ud83d\udd3b \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0646\u0645\u0648\u0646\u0647 \u06a9\u062f \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 (PoC) \u0628\u0627 \u0646\u0627\u0645 wp2shell \u0646\u06cc\u0632 \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\u0647 \u0648 \u062e\u0637\u0631 \u062d\u0645\u0644\u0627\u062a \u0631\u0627 \u0627\u0641\u0632\u0627\u06cc\u0634 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a.\n\n\ud83d\udd39 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 6.9.5 \u0648 7.0.2 \u0648\u0631\u062f\u067e\u0631\u0633 \u0631\u0627 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u0648 \u0628\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a\u200c\u0647\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u0647\u0631\u0686\u0647 \u0633\u0631\u06cc\u0639\u200c\u062a\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc\u062f \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u0646\u062f.\n\n#\u062a\u0647\u062f\u06cc\u062f_\u0633\u0627\u06cc\u0628\u0631\u06cc #\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc #\u0648\u0631\u062f\u067e\u0631\u0633\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83d\udd39\ud83d\udd39 @cyberbannews_ir", "creation_timestamp": "2026-07-19T06:00:03.295934Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/15056f9d-2a60-49b7-b917-81251d488ae1/export</guid>
      <pubDate>Sun, 19 Jul 2026 06:00:03 +0000</pubDate>
    </item>
    <item>
      <title>a01e0a82-865c-4abe-9b01-e769a7a4a445</title>
      <link>https://vulnerability.circl.lu/sighting/a01e0a82-865c-4abe-9b01-e769a7a4a445/export</link>
      <description>{"uuid": "a01e0a82-865c-4abe-9b01-e769a7a4a445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mqxycl25wi2d", "content": "Top 3 CVE for last 7 days:\nCVE-2026-58532: 47 interactions\nCVE-2026-15409: 21 interactions\nCVE-2026-63030: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-63030: 16 interactions\nCVE-2026-60137: 9 interactions\nCVE-2026-62857: 4 interactions\n", "creation_timestamp": "2026-07-19T04:53:12.138914Z"}</description>
      <content:encoded>{"uuid": "a01e0a82-865c-4abe-9b01-e769a7a4a445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mqxycl25wi2d", "content": "Top 3 CVE for last 7 days:\nCVE-2026-58532: 47 interactions\nCVE-2026-15409: 21 interactions\nCVE-2026-63030: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-63030: 16 interactions\nCVE-2026-60137: 9 interactions\nCVE-2026-62857: 4 interactions\n", "creation_timestamp": "2026-07-19T04:53:12.138914Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a01e0a82-865c-4abe-9b01-e769a7a4a445/export</guid>
      <pubDate>Sun, 19 Jul 2026 04:53:12 +0000</pubDate>
    </item>
    <item>
      <title>3a80f681-887a-4e44-8271-6e778e523df6</title>
      <link>https://vulnerability.circl.lu/sighting/3a80f681-887a-4e44-8271-6e778e523df6/export</link>
      <description>{"uuid": "3a80f681-887a-4e44-8271-6e778e523df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://www.acn.gov.it/portale/w/wordpress-poc-pubblico-per-lo-sfruttamento-delle-cve-2026-60137-e-cve-2026-63030", "content": "Disponibile Proof of Concept (PoC) per le vulnerabilit\u00e0 identificate dalle CVE-2026-60137 e CVE-2026-63030, gi\u00e0 sanate dal vendor, che interessa il prodotto WordPress Core.", "creation_timestamp": "2026-07-19T01:00:42.439457Z"}</description>
      <content:encoded>{"uuid": "3a80f681-887a-4e44-8271-6e778e523df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://www.acn.gov.it/portale/w/wordpress-poc-pubblico-per-lo-sfruttamento-delle-cve-2026-60137-e-cve-2026-63030", "content": "Disponibile Proof of Concept (PoC) per le vulnerabilit\u00e0 identificate dalle CVE-2026-60137 e CVE-2026-63030, gi\u00e0 sanate dal vendor, che interessa il prodotto WordPress Core.", "creation_timestamp": "2026-07-19T01:00:42.439457Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3a80f681-887a-4e44-8271-6e778e523df6/export</guid>
      <pubDate>Sun, 19 Jul 2026 01:00:42 +0000</pubDate>
    </item>
    <item>
      <title>34ac20b5-951e-4e3e-80f7-f6a5226bb546</title>
      <link>https://vulnerability.circl.lu/sighting/34ac20b5-951e-4e3e-80f7-f6a5226bb546/export</link>
      <description>{"uuid": "34ac20b5-951e-4e3e-80f7-f6a5226bb546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93917", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wordpress-cve-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Senanfurkan\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 00:44:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth RCE in WordPress Core via REST API batch route confusion + WP_Query SQLi (CVE-2026-63030 / CVE-2026-60137). Detection PoC.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:40.148113Z"}</description>
      <content:encoded>{"uuid": "34ac20b5-951e-4e3e-80f7-f6a5226bb546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93917", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wordpress-cve-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Senanfurkan\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 00:44:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth RCE in WordPress Core via REST API batch route confusion + WP_Query SQLi (CVE-2026-63030 / CVE-2026-60137). Detection PoC.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:40.148113Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/34ac20b5-951e-4e3e-80f7-f6a5226bb546/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:40 +0000</pubDate>
    </item>
    <item>
      <title>963c1c28-26c3-4039-b175-c73c19c266a9</title>
      <link>https://vulnerability.circl.lu/sighting/963c1c28-26c3-4039-b175-c73c19c266a9/export</link>
      <description>{"uuid": "963c1c28-26c3-4039-b175-c73c19c266a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93933", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 47Cid\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 03:53:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEducational PoC + lab for CVE-2026-63030 + CVE-2026-60137: pre-auth SQLi in WordPress core via REST batch-route confusion\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.772564Z"}</description>
      <content:encoded>{"uuid": "963c1c28-26c3-4039-b175-c73c19c266a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93933", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 47Cid\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 03:53:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEducational PoC + lab for CVE-2026-63030 + CVE-2026-60137: pre-auth SQLi in WordPress core via REST batch-route confusion\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.772564Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/963c1c28-26c3-4039-b175-c73c19c266a9/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:28 +0000</pubDate>
    </item>
    <item>
      <title>75956633-4c25-43aa-8bde-a03e8aee4b2e</title>
      <link>https://vulnerability.circl.lu/sighting/75956633-4c25-43aa-8bde-a03e8aee4b2e/export</link>
      <description>{"uuid": "75956633-4c25-43aa-8bde-a03e8aee4b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93950", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ekomsSavior\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 06:55:20\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 (RCE) + CVE-2026-60137 (SQLi)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.652646Z"}</description>
      <content:encoded>{"uuid": "75956633-4c25-43aa-8bde-a03e8aee4b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93950", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ekomsSavior\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 06:55:20\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 (RCE) + CVE-2026-60137 (SQLi)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.652646Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/75956633-4c25-43aa-8bde-a03e8aee4b2e/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:28 +0000</pubDate>
    </item>
    <item>
      <title>1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4</title>
      <link>https://vulnerability.circl.lu/sighting/1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4/export</link>
      <description>{"uuid": "1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93958", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a WP2Shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a NULL200OK\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 07:52:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nWP2Shell - CVE-2026-63030 / CVE-2026-60137 This tool exploits a critical SQL injection vulnerability in the WordPress REST API `/wp-json/batch/v1` endpoint, allowing unauthenticated attackers to execute arbitrary SQL queries and achieve Remote Code Execution (RCE) on vulnerable WordPress installations.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.582141Z"}</description>
      <content:encoded>{"uuid": "1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93958", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a WP2Shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a NULL200OK\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 07:52:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nWP2Shell - CVE-2026-63030 / CVE-2026-60137 This tool exploits a critical SQL injection vulnerability in the WordPress REST API `/wp-json/batch/v1` endpoint, allowing unauthenticated attackers to execute arbitrary SQL queries and achieve Remote Code Execution (RCE) on vulnerable WordPress installations.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.582141Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:28 +0000</pubDate>
    </item>
    <item>
      <title>2cd449d3-acb9-419c-b035-74299bb3e9e8</title>
      <link>https://vulnerability.circl.lu/sighting/2cd449d3-acb9-419c-b035-74299bb3e9e8/export</link>
      <description>{"uuid": "2cd449d3-acb9-419c-b035-74299bb3e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9544", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n\n&amp;gt; CVE-2026-63030 breaks REST batch routing\n&amp;gt; CVE-2026-60137 injects SQL\n\nChained, they give an anonymous attacker code execution on affected WordPress sites.\n\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-19T00:00:28.506488Z"}</description>
      <content:encoded>{"uuid": "2cd449d3-acb9-419c-b035-74299bb3e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9544", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n\n&amp;gt; CVE-2026-63030 breaks REST batch routing\n&amp;gt; CVE-2026-60137 injects SQL\n\nChained, they give an anonymous attacker code execution on affected WordPress sites.\n\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-19T00:00:28.506488Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2cd449d3-acb9-419c-b035-74299bb3e9e8/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:28 +0000</pubDate>
    </item>
    <item>
      <title>4dd89ccf-6324-4141-a28e-2e92dbc220bc</title>
      <link>https://vulnerability.circl.lu/sighting/4dd89ccf-6324-4141-a28e-2e92dbc220bc/export</link>
      <description>{"uuid": "4dd89ccf-6324-4141-a28e-2e92dbc220bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93979", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kulichr\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 10:08:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive checker for CVE-2026-63030 / CVE-2026-60137 (\"wp2shell\"), a pre-authentication RCE chain in WordPress core.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.355724Z"}</description>
      <content:encoded>{"uuid": "4dd89ccf-6324-4141-a28e-2e92dbc220bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93979", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kulichr\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 10:08:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive checker for CVE-2026-63030 / CVE-2026-60137 (\"wp2shell\"), a pre-authentication RCE chain in WordPress core.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.355724Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4dd89ccf-6324-4141-a28e-2e92dbc220bc/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:28 +0000</pubDate>
    </item>
    <item>
      <title>1ed47b7e-def2-4f40-9326-48b2411f8cd1</title>
      <link>https://vulnerability.circl.lu/sighting/1ed47b7e-def2-4f40-9326-48b2411f8cd1/export</link>
      <description>{"uuid": "1ed47b7e-def2-4f40-9326-48b2411f8cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94005", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xsha\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 14:29:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 + CVE-2026-60137 - \u201cwp2shell\u201d: unauthenticated RCE in WordPress core\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:11.892588Z"}</description>
      <content:encoded>{"uuid": "1ed47b7e-def2-4f40-9326-48b2411f8cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94005", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xsha\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 14:29:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 + CVE-2026-60137 - \u201cwp2shell\u201d: unauthenticated RCE in WordPress core\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:11.892588Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1ed47b7e-def2-4f40-9326-48b2411f8cd1/export</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:11 +0000</pubDate>
    </item>
  </channel>
</rss>
