{"vulnerability": "CVE-2026-12415", "sightings": [{"uuid": "a81aa25f-79da-4bb8-9853-5743340d865e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12415", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mparsjsyrw2u", "content": "CRITICAL: pravel Invoice Generator \u22641.0.0 lets unauthenticated attackers hijack any WordPress account \u2014 incl. admins \u2014 via exposed AJAX. Disable plugin or block pravel_invoice_edit_account() now. https://radar.offseq.com/threat/cve-2026-12415-cwe-269-improper-privilege-manageme-3c4b296b228a674f #...", "creation_timestamp": "2026-06-27T06:00:26.237747Z"}, {"uuid": "44caef33-7d96-4393-9a19-849a5d4e67af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpassotsjd2s", "content": "CVE-2026-12415 - Invoice Generator\nCVE ID : CVE-2026-12415\n \n Published : June 27, 2026, 4:30 a.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice...", "creation_timestamp": "2026-06-27T06:18:24.840931Z"}, {"uuid": "c32b69ef-05bc-4f30-a86e-67d7e387218b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mpat6tjh6z2g", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cInvoice Generator\u300d\uff08v1.0.0\u307e\u3067\uff09\u3067\u3001\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\u3002\u653b\u6483\u8005\u306f\u4efb\u610f\u306e\u30e6\u30fc\u30b6\u30fc\uff08\u7ba1\u7406\u8005\u542b\u3080\uff09\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4e57\u3063\u53d6\u308b\u3053\u3068\u304c\u53ef\u2026\nCVE-2026-12415 CVSS 9.8 | CRITICAL", "creation_timestamp": "2026-06-27T06:25:12.707889Z"}, {"uuid": "ee686b89-94a2-4553-890d-9b0fddd4f6fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mpbniwrmxv2i", "content": "CVE-2026-12415 invoice-creator (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-27T14:16:09.060758Z"}, {"uuid": "0cf453f4-6f34-4a3d-a4e5-2908721ba4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpbpylejhg2g", "content": "\ud83d\udd34 CVE-2026-12415 - Critical (9.8)\n\nThe Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-12415/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-27T15:00:41.658070Z"}, {"uuid": "149f7e46-3d67-4afd-8bbe-28948de6db3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph7m2c4ry25", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12415 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Invoice Generator \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/18B86939-6C43-42AB-A5D1-49A9F0CBBF44", "creation_timestamp": "2026-06-29T19:23:18.779818Z"}, {"uuid": "a21a9d9a-2bb5-4fe6-b33a-1d6c300394de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mph7ma7npb2k", "content": "WordPress\u63d2\u4ef6\u6f0f\u6d1e\u8b66\u544a:Invoice Generator\u63d2\u4ef6\u5b58\u5728\u7279\u6743\u63d0\u5347\u98ce\u9669(CVE-2026-12415)\n\n\n\nhttps://qian.cx/posts/A4E57BE2-D7D8-4BFF-933F-561D57FB07E8", "creation_timestamp": "2026-06-29T19:23:25.198379Z"}]}