{"vulnerability": "CVE-2026-3949", "sightings": [{"uuid": "ce8b6cfb-b993-4fa2-8416-7fbd2a2c47ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39493", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mjw67ee7wf2s", "content": "", "creation_timestamp": "2026-04-20T09:37:05.891287Z"}, {"uuid": "98fc79c2-df08-40c6-a7d3-38327da00f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39496", "type": "seen", "source": "Telegram/xEAlz_uvdoDbl3-4UvjRUOPM0QQ9w8kB8O-gQzs6j3EZAGw", "content": "", "creation_timestamp": "2026-04-13T21:22:20.000000Z"}, {"uuid": "014c1ffb-266b-4f1f-a4a9-5b65bb783e9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39497", "type": "seen", "source": "Telegram/OQKBgo-nZL6sXwBX9bmjZlSNq_FSsDAVUFOIG0ZNThQ0_ug", "content": "", "creation_timestamp": "2026-04-10T21:23:28.000000Z"}, {"uuid": "1b69ee79-497f-4cd9-812e-c5440e7b46be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39495", "type": "seen", "source": "Telegram/OQKBgo-nZL6sXwBX9bmjZlSNq_FSsDAVUFOIG0ZNThQ0_ug", "content": "", "creation_timestamp": "2026-04-10T21:23:28.000000Z"}, {"uuid": "c5664a96-957b-4d8c-be43-1c0b46340e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39491", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mkhh4z3mzy2c", "content": "", "creation_timestamp": "2026-04-27T06:32:06.279427Z"}, {"uuid": "92a60ea2-aa10-4acf-8f82-0fd6c3eeaff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39491", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mkhh4zlgt525", "content": "", "creation_timestamp": "2026-04-27T06:32:07.694669Z"}, {"uuid": "b6b47956-a663-4baa-a777-dab66022e680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39494", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2dehgvm22n", "content": "\ud83d\udd34 CVE-2026-39494 - Critical (9.3)\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-39494/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T23:00:51.918942Z"}, {"uuid": "77644dfe-870d-413a-ad86-51899c337548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39494", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2lbirsuf23", "content": "CVE-2026-39494 - WordPress Product Filter by WBW plugin\nCVE ID : CVE-2026-39494\n \n Published : 2026\u5e746\u670811\u65e5 22:16 | 2\u00a0\u5c0f\u65f6\uff0c49\u00a0\u5206\u949f ago\n \n Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by...", "creation_timestamp": "2026-06-12T01:22:21.756675Z"}, {"uuid": "a902b885-ebe5-4817-b4dc-bb7a7e90af05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39494", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mo3eupvugh2m", "content": "Blind SQL Injection in WBW Plugins Product Filter (&lt;=3.1.2) rated CRITICAL (CVSS 9.3). No patch yet \u2014 monitor vendor advisories and restrict plugin use. https://radar.offseq.com/threat/cve-2026-39494-cwe-89-improper-neutralization-of-s-f3bdb0f7 #OffSeq #vuln #SQLInjection", "creation_timestamp": "2026-06-12T09:00:31.534062Z"}, {"uuid": "226ff461-1020-4c49-a749-e0be0387a63a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39494", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116736316422456576", "content": "\ud83d\uded1 CRITICAL: CVE-2026-39494 in WBW Plugins Product Filter (&lt;=3.1.2) enables Blind SQL Injection \u2014 high risk to data &amp; availability. No patch yet; monitor vendor advisories. https://radar.offseq.com/threat/cve-2026-39494-cwe-89-improper-neutralization-of-s-f3bdb0f7 #OffSeq #infosec #Vuln #SQLInjection", "creation_timestamp": "2026-06-12T09:00:32.933365Z"}, {"uuid": "6677c056-d729-4c4a-b4d5-1a0d85290280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39490", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mofnj7cep524", "content": "\ud83d\udfe0 CVE-2026-39490 - High (7.5)\n\nUnauthenticated Broken Access Control in JupiterX Core &lt;= 4.14.1 versions.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-39490/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T11:01:45.550066Z"}, {"uuid": "ffbaf834-9ef3-44c0-864d-a4d0d474ec1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39492", "type": "seen", "source": "https://t.me/GithubRedTeam/92343", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39492\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-07 12:31:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-39492 \u2014 WP Maps (wp-google-map-plugin) &lt;= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:10.642673Z"}, {"uuid": "390465c0-85f3-4897-ad6a-93237edc404a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39492", "type": "seen", "source": "https://t.me/GithubRedTeam/92343", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39492\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-07 12:31:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-39492 \u2014 WP Maps (wp-google-map-plugin) &lt;= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:19.177426Z"}, {"uuid": "d3704bd6-6f9f-4bc9-99c7-84a103394fa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39492", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92343", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39492\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-07 12:31:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-39492 \u2014 WP Maps (wp-google-map-plugin) &lt;= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:31.012793Z"}]}