<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-19T02:04:41.027711+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3a80f681-887a-4e44-8271-6e778e523df6/export</id>
    <title>3a80f681-887a-4e44-8271-6e778e523df6</title>
    <updated>2026-07-19T02:04:41.056079+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3a80f681-887a-4e44-8271-6e778e523df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://www.acn.gov.it/portale/w/wordpress-poc-pubblico-per-lo-sfruttamento-delle-cve-2026-60137-e-cve-2026-63030", "content": "Disponibile Proof of Concept (PoC) per le vulnerabilit\u00e0 identificate dalle CVE-2026-60137 e CVE-2026-63030, gi\u00e0 sanate dal vendor, che interessa il prodotto WordPress Core.", "creation_timestamp": "2026-07-19T01:00:42.439457Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3a80f681-887a-4e44-8271-6e778e523df6/export"/>
    <published>2026-07-19T01:00:42.439457+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/34ac20b5-951e-4e3e-80f7-f6a5226bb546/export</id>
    <title>34ac20b5-951e-4e3e-80f7-f6a5226bb546</title>
    <updated>2026-07-19T02:04:41.058404+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "34ac20b5-951e-4e3e-80f7-f6a5226bb546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93917", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wordpress-cve-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Senanfurkan\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 00:44:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth RCE in WordPress Core via REST API batch route confusion + WP_Query SQLi (CVE-2026-63030 / CVE-2026-60137). Detection PoC.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:40.148113Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/34ac20b5-951e-4e3e-80f7-f6a5226bb546/export"/>
    <published>2026-07-19T00:00:40.148113+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/963c1c28-26c3-4039-b175-c73c19c266a9/export</id>
    <title>963c1c28-26c3-4039-b175-c73c19c266a9</title>
    <updated>2026-07-19T02:04:41.058506+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "963c1c28-26c3-4039-b175-c73c19c266a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93933", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 47Cid\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 03:53:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEducational PoC + lab for CVE-2026-63030 + CVE-2026-60137: pre-auth SQLi in WordPress core via REST batch-route confusion\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.772564Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/963c1c28-26c3-4039-b175-c73c19c266a9/export"/>
    <published>2026-07-19T00:00:28.772564+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/75956633-4c25-43aa-8bde-a03e8aee4b2e/export</id>
    <title>75956633-4c25-43aa-8bde-a03e8aee4b2e</title>
    <updated>2026-07-19T02:04:41.058590+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "75956633-4c25-43aa-8bde-a03e8aee4b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93950", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ekomsSavior\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 06:55:20\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 (RCE) + CVE-2026-60137 (SQLi)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.652646Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/75956633-4c25-43aa-8bde-a03e8aee4b2e/export"/>
    <published>2026-07-19T00:00:28.652646+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4/export</id>
    <title>1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4</title>
    <updated>2026-07-19T02:04:41.058662+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93958", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a WP2Shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a NULL200OK\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 07:52:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nWP2Shell - CVE-2026-63030 / CVE-2026-60137 This tool exploits a critical SQL injection vulnerability in the WordPress REST API `/wp-json/batch/v1` endpoint, allowing unauthenticated attackers to execute arbitrary SQL queries and achieve Remote Code Execution (RCE) on vulnerable WordPress installations.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.582141Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1aeb1e3a-48f1-4eb8-aaeb-415f2889c8c4/export"/>
    <published>2026-07-19T00:00:28.582141+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2cd449d3-acb9-419c-b035-74299bb3e9e8/export</id>
    <title>2cd449d3-acb9-419c-b035-74299bb3e9e8</title>
    <updated>2026-07-19T02:04:41.058733+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2cd449d3-acb9-419c-b035-74299bb3e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9544", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n\n&amp;gt; CVE-2026-63030 breaks REST batch routing\n&amp;gt; CVE-2026-60137 injects SQL\n\nChained, they give an anonymous attacker code execution on affected WordPress sites.\n\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-19T00:00:28.506488Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2cd449d3-acb9-419c-b035-74299bb3e9e8/export"/>
    <published>2026-07-19T00:00:28.506488+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4dd89ccf-6324-4141-a28e-2e92dbc220bc/export</id>
    <title>4dd89ccf-6324-4141-a28e-2e92dbc220bc</title>
    <updated>2026-07-19T02:04:41.058805+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4dd89ccf-6324-4141-a28e-2e92dbc220bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93979", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kulichr\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 10:08:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive checker for CVE-2026-63030 / CVE-2026-60137 (\"wp2shell\"), a pre-authentication RCE chain in WordPress core.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:28.355724Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4dd89ccf-6324-4141-a28e-2e92dbc220bc/export"/>
    <published>2026-07-19T00:00:28.355724+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1ed47b7e-def2-4f40-9326-48b2411f8cd1/export</id>
    <title>1ed47b7e-def2-4f40-9326-48b2411f8cd1</title>
    <updated>2026-07-19T02:04:41.058873+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1ed47b7e-def2-4f40-9326-48b2411f8cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94005", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xsha\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 14:29:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 + CVE-2026-60137 - \u201cwp2shell\u201d: unauthenticated RCE in WordPress core\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:11.892588Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1ed47b7e-def2-4f40-9326-48b2411f8cd1/export"/>
    <published>2026-07-19T00:00:11.892588+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4e19ce8e-627e-472c-b90c-8c235dc9f5f1/export</id>
    <title>4e19ce8e-627e-472c-b90c-8c235dc9f5f1</title>
    <updated>2026-07-19T02:04:41.058941+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4e19ce8e-627e-472c-b90c-8c235dc9f5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94017", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a h4cd0c\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 16:41:06\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nwp2shell \u2014 Pre-authentication RCE in WordPress Core (CVE-2026-60137 + CVE-2026-63030). Chains an SQL injection in author__not_in with batch-route confusion for unauthenticated remote code execution on WP 6.9.0\u20136.9.4 / 7.0.0\u20137.0.1.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-19T00:00:11.004435Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4e19ce8e-627e-472c-b90c-8c235dc9f5f1/export"/>
    <published>2026-07-19T00:00:11.004435+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e91ad276-7f66-4e54-80bd-d1c605a0b748/export</id>
    <title>e91ad276-7f66-4e54-80bd-d1c605a0b748</title>
    <updated>2026-07-19T02:04:41.059010+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e91ad276-7f66-4e54-80bd-d1c605a0b748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityIL/86094", "content": "\ud83c\udf10\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05e9\u05ea\u05d9 \u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d1\u05e4\u05dc\u05d8\u05e4\u05d5\u05e8\u05de\u05ea Wordpress \u05d4\u05de\u05d0\u05e4\u05e9\u05e8\u05d5\u05ea (\u05d9\u05d7\u05d3) \u05d4\u05e8\u05e6\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea CVE-2026-60137 \u05d5-CVE-2026-63030 \u05db\u05d5\u05dc\u05dc\u05d5\u05ea \u05db\u05d1\u05e8 POC \u05e2\u05d5\u05d1\u05d3 \u05e9\u05e4\u05d5\u05e8\u05e1\u05dd \u05d1\u05e8\u05e9\u05ea, \u05e7\u05d9\u05d1\u05dc\u05d5 \u05d0\u05ea \u05d4\u05db\u05d9\u05e0\u05d5\u05d9 wp2shell, \u05d5\u05d4\u05df \u05e4\u05d5\u05e6'\u05e4\u05e6'\u05d5 \u05d1\u05d2\u05e8\u05e1\u05d0\u05d5\u05ea 6.9.5 \u05d5-7.0.2.\n\nhttps://t.me/CyberSecurityIL/9229", "creation_timestamp": "2026-07-19T00:00:09.893754Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e91ad276-7f66-4e54-80bd-d1c605a0b748/export"/>
    <published>2026-07-19T00:00:09.893754+00:00</published>
  </entry>
</feed>
