<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T22:12:42.714738+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0675faa5-7847-4636-bb0d-6ee20f66ce2c/export</id>
    <title>0675faa5-7847-4636-bb0d-6ee20f66ce2c</title>
    <updated>2026-07-08T22:12:42.741463+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0675faa5-7847-4636-bb0d-6ee20f66ce2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12375", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mq36ouvxei2e", "content": "Your sites running uncanny-automator-pro? Admin sessions handed to strangers. Site secrets beaconed out. CVE-2026-12375. CVSS 9.8. No patch available yet. Disable the plugin now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-07T18:00:15.267113Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0675faa5-7847-4636-bb0d-6ee20f66ce2c/export"/>
    <published>2026-07-07T18:00:15.267113+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/478b989a-bd5d-408d-bc72-1a6ea4d3430c/export</id>
    <title>478b989a-bd5d-408d-bc72-1a6ea4d3430c</title>
    <updated>2026-07-08T22:12:42.743713+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "478b989a-bd5d-408d-bc72-1a6ea4d3430c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12375", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2rwv43nq2l", "content": "CVE-2026-12375 - uncanny-automator-pro\nThe Uncanny Automator Pro WordPress plugin, used to automate tasks on websites, was compromised and distributed with malicious code. This allowed attackers to access and steal\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#unknown #CVE #infosec", "creation_timestamp": "2026-07-07T14:12:05.031450Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/478b989a-bd5d-408d-bc72-1a6ea4d3430c/export"/>
    <published>2026-07-07T14:12:05.031450+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e266b5df-6430-4ad3-8ca7-94591ce0dfbd/export</id>
    <title>e266b5df-6430-4ad3-8ca7-94591ce0dfbd</title>
    <updated>2026-07-08T22:12:42.743854+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e266b5df-6430-4ad3-8ca7-94591ce0dfbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12375", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116878581993306054", "content": "CVE-2026-12375 (CRITICAL): uncanny-automator-pro v7.3.0.5 distributed with a hidden backdoor due to vendor supply chain compromise. Attackers can gain admin access &amp;amp; exfiltrate secrets. Remove/disable this version now. https://radar.offseq.com/threat/cve-2026-12375-cwe-912-hidden-functionality-in-unc-f847b0208ffd2506 #OffSeq #WordPress #SupplyChain", "creation_timestamp": "2026-07-07T12:00:31.791756Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e266b5df-6430-4ad3-8ca7-94591ce0dfbd/export"/>
    <published>2026-07-07T12:00:31.791756+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/068b11c9-f76a-466a-81ec-c8324ba01d6d/export</id>
    <title>068b11c9-f76a-466a-81ec-c8324ba01d6d</title>
    <updated>2026-07-08T22:12:42.743962+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "068b11c9-f76a-466a-81ec-c8324ba01d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12375", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq2klmfzen2c", "content": "uncanny-automator-pro v7.3.0.5 shipped with a CRITICAL backdoor after a supply chain breach. Admin access &amp;amp; secret key theft possible \u2014 remove/disable immediately. More info: https://radar.offseq.com/threat/cve-2026-12375-cwe-912-hidden-functionality-in-unc-f847b0208ffd2506 #OffSeq #WordPress #Su...", "creation_timestamp": "2026-07-07T12:00:30.782689Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/068b11c9-f76a-466a-81ec-c8324ba01d6d/export"/>
    <published>2026-07-07T12:00:30.782689+00:00</published>
  </entry>
</feed>
