<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-15T13:32:58.540974+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/885e4207-0079-446b-8cfb-7dae58a4186f/export</id>
    <title>885e4207-0079-446b-8cfb-7dae58a4186f</title>
    <updated>2026-07-15T13:32:58.568424+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "885e4207-0079-446b-8cfb-7dae58a4186f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116911851743337008", "content": "CVE-2026-7655 - Privilege Escalation via account takeover in SureCart plugin for WordPress. CVSS 8.1. Unauthenticated attackers can change admin email addresses. No patch available. Update now. #CVE #WordPress #infosec\nhttps://www.valtersit.com/cve/CVE-2026-7655/", "creation_timestamp": "2026-07-13T09:01:25.440114Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/885e4207-0079-446b-8cfb-7dae58a4186f/export"/>
    <published>2026-07-13T09:01:25.440114+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/370808b7-9fa0-4c2e-9891-e2cf4950b268/export</id>
    <title>370808b7-9fa0-4c2e-9891-e2cf4950b268</title>
    <updated>2026-07-15T13:32:58.571075+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "370808b7-9fa0-4c2e-9891-e2cf4950b268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqjdehglwa2n", "content": "CVE-2026-7655 - Privilege Escalation via account takeover in SureCart plugin for WordPress. CVSS 8.1. Unauthenticated attackers can change admin email addresses. No patch available. Update now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-7655/", "creation_timestamp": "2026-07-13T09:01:10.303135Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/370808b7-9fa0-4c2e-9891-e2cf4950b268/export"/>
    <published>2026-07-13T09:01:10.303135+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/eed84a79-d04e-44e3-b95e-9c05ee77be54/export</id>
    <title>eed84a79-d04e-44e3-b95e-9c05ee77be54</title>
    <updated>2026-07-15T13:32:58.571214+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "eed84a79-d04e-44e3-b95e-9c05ee77be54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqif5a2gkf2j", "content": "CVE-2026-7655. CVSS 8.1. SureCart lets unauthenticated attackers hijack customer accounts via webhook exploitation. Email, payment methods, order history\u2014all takeover vectors. No patch available. Disable SureCart now. Scan your WordPress site: pulse-wp.com\n#WordPress #AccessControl #CyberSecurity", "creation_timestamp": "2026-07-13T00:00:18.535556Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/eed84a79-d04e-44e3-b95e-9c05ee77be54/export"/>
    <published>2026-07-13T00:00:18.535556+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/783e6cdf-410a-41d5-b543-ee9fe6917dd8/export</id>
    <title>783e6cdf-410a-41d5-b543-ee9fe6917dd8</title>
    <updated>2026-07-15T13:32:58.571329+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "783e6cdf-410a-41d5-b543-ee9fe6917dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqefrfptk52d", "content": "\ud83d\udfe0 CVE-2026-7655 - High (8.1)\n\nThe SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in v...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-7655/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-11T10:00:53.941705Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/783e6cdf-410a-41d5-b543-ee9fe6917dd8/export"/>
    <published>2026-07-11T10:00:53.941705+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6b392ca5-d3a7-487e-af89-4a7e8ea350f0/export</id>
    <title>6b392ca5-d3a7-487e-af89-4a7e8ea350f0</title>
    <updated>2026-07-15T13:32:58.571437+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6b392ca5-d3a7-487e-af89-4a7e8ea350f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqe5xdiwcq2k", "content": "CVE-2026-7655 - SureCart\nCVE ID : CVE-2026-7655\n \n Published : July 11, 2026, 6:16 a.m. | 1\u00a0hour, 7\u00a0minutes ago\n \n Description : The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to...", "creation_timestamp": "2026-07-11T07:41:06.474811Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6b392ca5-d3a7-487e-af89-4a7e8ea350f0/export"/>
    <published>2026-07-11T07:41:06.474811+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4bdfa11c-a209-4ae4-9eb4-84fac3fc35b7/export</id>
    <title>4bdfa11c-a209-4ae4-9eb4-84fac3fc35b7</title>
    <updated>2026-07-15T13:32:58.571548+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4bdfa11c-a209-4ae4-9eb4-84fac3fc35b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7655", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe22ueiod22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-7655 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 SureCart \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/A8C70316-F80B-4D3B-99E2-6B9CA2ABF470", "creation_timestamp": "2026-07-11T06:31:25.825130Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4bdfa11c-a209-4ae4-9eb4-84fac3fc35b7/export"/>
    <published>2026-07-11T06:31:25.825130+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9e278277-e157-4007-8694-b207c9090518/export</id>
    <title>9e278277-e157-4007-8694-b207c9090518</title>
    <updated>2026-07-15T13:32:58.571659+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9e278277-e157-4007-8694-b207c9090518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7655", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdydvch3z2d", "content": "SureCart \u22644.2.3 (WordPress): HIGH severity vuln (CVE-2026-7655) lets attackers hijack accounts via weak identity checks in webhook sync. Restrict webhook access &amp;amp; monitor updates until patch confirmed. https://radar.offseq.com/threat/cve-2026-7655-cwe-640-weak-password-recovery-mecha-a10bd5499dce...", "creation_timestamp": "2026-07-11T06:00:42.077008Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9e278277-e157-4007-8694-b207c9090518/export"/>
    <published>2026-07-11T06:00:42.077008+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4a108d7d-fc2e-4ed9-aa06-ca719533b338/export</id>
    <title>4a108d7d-fc2e-4ed9-aa06-ca719533b338</title>
    <updated>2026-07-15T13:32:58.571761+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4a108d7d-fc2e-4ed9-aa06-ca719533b338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7655", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899815763339331", "content": "CVE-2026-7655 | HIGH severity in SureCart WordPress plugin (\u22644.2.3): Unauthenticated attackers can hijack accounts, including admins, by exploiting weak email validation in webhook sync. Restrict webhook access, monitor activity. https://radar.offseq.com/threat/cve-2026-7655-cwe-640-weak-password-recovery-mecha-a10bd5499dcec0f1 #OffSeq #WordPress #Infosec #Vuln", "creation_timestamp": "2026-07-11T06:00:32.044347Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4a108d7d-fc2e-4ed9-aa06-ca719533b338/export"/>
    <published>2026-07-11T06:00:32.044347+00:00</published>
  </entry>
</feed>
