{"vulnerability": "CVE-2026-7655", "sightings": [{"uuid": "4a108d7d-fc2e-4ed9-aa06-ca719533b338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7655", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899815763339331", "content": "CVE-2026-7655 | HIGH severity in SureCart WordPress plugin (\u22644.2.3): Unauthenticated attackers can hijack accounts, including admins, by exploiting weak email validation in webhook sync. Restrict webhook access, monitor activity. https://radar.offseq.com/threat/cve-2026-7655-cwe-640-weak-password-recovery-mecha-a10bd5499dcec0f1 #OffSeq #WordPress #Infosec #Vuln", "creation_timestamp": "2026-07-11T06:00:32.044347Z"}, {"uuid": "9e278277-e157-4007-8694-b207c9090518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7655", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdydvch3z2d", "content": "SureCart \u22644.2.3 (WordPress): HIGH severity vuln (CVE-2026-7655) lets attackers hijack accounts via weak identity checks in webhook sync. Restrict webhook access &amp; monitor updates until patch confirmed. https://radar.offseq.com/threat/cve-2026-7655-cwe-640-weak-password-recovery-mecha-a10bd5499dce...", "creation_timestamp": "2026-07-11T06:00:42.077008Z"}, {"uuid": "4bdfa11c-a209-4ae4-9eb4-84fac3fc35b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe22ueiod22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-7655 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 SureCart \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/A8C70316-F80B-4D3B-99E2-6B9CA2ABF470", "creation_timestamp": "2026-07-11T06:31:25.825130Z"}, {"uuid": "6b392ca5-d3a7-487e-af89-4a7e8ea350f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqe5xdiwcq2k", "content": "CVE-2026-7655 - SureCart\nCVE ID : CVE-2026-7655\n \n Published : July 11, 2026, 6:16 a.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to...", "creation_timestamp": "2026-07-11T07:41:06.474811Z"}, {"uuid": "783e6cdf-410a-41d5-b543-ee9fe6917dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqefrfptk52d", "content": "\ud83d\udfe0 CVE-2026-7655 - High (8.1)\n\nThe SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in v...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-7655/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-11T10:00:53.941705Z"}]}