{"uuid": "a81aa25f-79da-4bb8-9853-5743340d865e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12415", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mparsjsyrw2u", "content": "CRITICAL: pravel Invoice Generator \u22641.0.0 lets unauthenticated attackers hijack any WordPress account \u2014 incl. admins \u2014 via exposed AJAX. Disable plugin or block pravel_invoice_edit_account() now. https://radar.offseq.com/threat/cve-2026-12415-cwe-269-improper-privilege-manageme-3c4b296b228a674f #...", "creation_timestamp": "2026-06-27T06:00:26.237747Z"}