{"vulnerability": "cve-2026-11563", "sightings": [{"uuid": "c2843b55-8d94-4a30-861c-ca04d437867c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11563", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqlvi56bjx2l", "content": "CVE-2026-11563 - Word Count and Social Shares\nCVE ID : CVE-2026-11563\n \n Published : 14. Juli 2026 06:16 | 1\u00a0Stunde, 13\u00a0Minuten ago\n \n Description : The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor d...", "creation_timestamp": "2026-07-14T09:30:41.113115Z"}, {"uuid": "6b55678b-130c-432b-b138-5721a7e73fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11563", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmdnci5jv2r", "content": "CVE-2026-11563 - word count and social shares\nThe Word Count and Social Shares WordPress plugin, used by sites with subscriber-level users, allows these users to delete any files on the server. This could be used to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#unknown #CVE #infosec", "creation_timestamp": "2026-07-14T13:44:06.587272Z"}, {"uuid": "b16257c8-229e-46d3-8a05-16cb2259bb38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11563", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqmrx5mbf72r", "content": "CVE-2026-11563. CVSS 9.6. Word Count and Social Shares plugin lets any Subscriber delete arbitrary files. wp-config.php gone. Database exposed. Full takeover. No patch available. Disable it now. Scan your WordPress site: pulse-wp.com\n#WordPress #CSRF #CyberSecurity", "creation_timestamp": "2026-07-14T18:00:09.572014Z"}]}