{"vulnerability": "cve-2026-1058", "sightings": [{"uuid": "5d323a04-6b74-4c78-861e-e0311120e435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10586", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mniyhk3bqm2d", "content": "HIGH severity SSRF in Gutenberg Essential Blocks (WordPress plugin) lets Authors+ send arbitrary server requests. No patch yet \u2014 restrict Author access & monitor activity. https://radar.offseq.com/threat/cve-2026-10586-cwe-918-server-side-request-forgery-f1206b69 #OffSeq #WordPress #SSRF", "creation_timestamp": "2026-06-05T01:30:28.744138Z"}, {"uuid": "ff61b99b-d95a-4fce-b9b1-b9a350db18e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10584", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndijydnwa2f", "content": "CVE-2026-10584 - HTTPS Fallback to HTTP in Graph Explorer\nCVE ID : CVE-2026-10584\n \n Published : June 2, 2026, 7:08 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might all...", "creation_timestamp": "2026-06-02T21:02:11.210530Z"}, {"uuid": "587c84e6-830a-4859-b938-a3d787f8d28c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10586", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnjhjxnha72r", "content": "Gutenberg Essential Blocks lets authenticated users make arbitrary web requests from your server. SSRF at 7.2/10 (CVE-2026-10586). They grab wp-config, internal APIs, cloud metadata. Update to 6.1.3 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-05T06:00:15.181956Z"}, {"uuid": "4244681f-08ee-4b77-9640-b485285c6212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10586", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116694910594929909", "content": "\u26a0\ufe0f CVE-2026-10586: HIGH severity SSRF in Gutenberg Essential Blocks for WordPress (\u22646.1.3). Authors+ can send arbitrary server requests via save_ai_generated_image(). No patch yet \u2014 restrict access & monitor. https://radar.offseq.com/threat/cve-2026-10586-cwe-918-server-side-request-forgery-f1206b69 #OffSeq #WordPress #SSRF", "creation_timestamp": "2026-06-05T01:30:40.994823Z"}, {"uuid": "0e161c6e-6b86-419b-a05c-46827e3e1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkwkmd32g2p", "content": "\ud83d\udd34 CVE-2026-10580 - Critical (9.8)\n\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10580/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T20:01:43.987860Z"}, {"uuid": "e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnldv3nnpv2c", "content": "CVE-2026-10580. CVSS 9.8. Hippoo Mobile App for WooCommerce lets any visitor take over admin accounts. No authentication required. Update to 1.9.4 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-06T00:00:12.942192Z"}, {"uuid": "a2cc85d3-ae1c-4675-908b-ec1755bcdc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnpdq65dfl2s", "content": "CVE-2026-10580 - Critical Authentication Bypass in Hippoo WordPress plugin. Flaw conflates admin and unauthenticated user permissions, allowing full admin takeover. CVSS 9.8. No patch available. Disable plugin now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-10580/", "creation_timestamp": "2026-06-07T14:08:08.097746Z"}]}