{"vulnerability": "CVE-2026-3018", "sightings": [{"uuid": "9c9e7ea1-fa2b-47f2-93be-6971116518e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3018", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mnxhlrxtsa22", "content": "CVE-2026-3018: Newsletters vulnerable sin autenticaci\u00f3n\n\n\u00bfUs\u00e1s el plugin Newsletters en WordPress? CVE-2026-3018 permite inyecci\u00f3n SQL sin autenticaci\u00f3n en versiones hasta 4.13. Verific\u00e1 tu instalaci\u00f3n ahora.\n\n#cve20263018 #sqlinjection #newsletterswordpress #wordfence #inyecci\u00f3nsql", "creation_timestamp": "2026-06-10T19:38:33.096627Z"}, {"uuid": "83c2a0b7-6f00-4313-b1b8-aafd2fd49499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3018", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwknm5q4p2y", "content": "\ud83d\udfe0 CVE-2026-3018 - High (7.5)\n\nThe Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018wpmlsub...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-3018/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-10T11:00:36.015760Z"}, {"uuid": "456d7670-8bac-453e-8bd5-2462472d04ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3018", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwlkbkl762m", "content": "CVE-2026-3018 - Newsletters\nCVE ID : CVE-2026-3018\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018wpmlsubscriber_id\u2019 parameter in all versions up to, and includi...", "creation_timestamp": "2026-06-10T11:16:58.054424Z"}, {"uuid": "59a784fd-c70d-4572-9f1e-de331b76d8bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3018", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnwnyjxpbx2b", "content": "CVE-2026-3018. Newsletters plugin. SQL injection. No auth needed.\n\nYour database is readable. Credentials exposed. User data gone.\n\nUpdate to 4.13 now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #SQLi #CyberSecurity", "creation_timestamp": "2026-06-10T12:00:23.102341Z"}]}