{"vulnerability": "CVE-2026-4906", "sightings": [{"uuid": "8807ed41-ec23-4ecc-841f-f8bbce6cc212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4906", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116297765131477192", "content": "", "creation_timestamp": "2026-03-26T22:11:07.027005Z"}, {"uuid": "c5611134-bcf0-416e-b396-ca878c1f298e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4906", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhz5fdz4ng24", "content": "", "creation_timestamp": "2026-03-27T03:10:09.092100Z"}, {"uuid": "62c40159-beaf-49df-bf88-ea8875696bbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4906", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mifan5weki2r", "content": "", "creation_timestamp": "2026-03-31T22:40:10.162996Z"}, {"uuid": "f04e3e81-a640-4021-b964-573083de4130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4906", "type": "seen", "source": "Telegram/hP7eImde7r4m7yMTuc_s6yRrjdEU7i69S7GlZXENsXqke8A", "content": "", "creation_timestamp": "2026-03-27T03:18:19.000000Z"}, {"uuid": "5cdf4628-8ec7-45d4-96f6-46b48cb5ff5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2deabi7m2b", "content": "\ud83d\udd34 CVE-2026-49060 - Critical (9.8)\n\nIncorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privileg...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49060/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T23:00:44.619622Z"}, {"uuid": "d87b893a-334f-4384-8c07-07e2a3952c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49060", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2lgfb72j2g", "content": "CVE-2026-49060 - WordPress Hippoo Mobile App for WooCommerce plugin\nCVE ID : CVE-2026-49060\n \n Published : 2026\u5e746\u670811\u65e5 22:16 | 2\u00a0\u5c0f\u65f6\uff0c49\u00a0\u5206\u949f ago\n \n Description : Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation.\n\nThis is...", "creation_timestamp": "2026-06-12T01:25:08.970863Z"}, {"uuid": "b1aebe84-75c4-4ad2-bbe6-d73c22e637bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49064", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3modnls2hnp2a", "content": "CVE-2026-49064 - WordPress GetPaid plugin\nCVE ID : CVE-2026-49064\n \n Published : June 15, 2026, 2:16 p.m. | 1\u00a0hour, 25\u00a0minutes ago\n \n Description : Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data.\n\nThis...", "creation_timestamp": "2026-06-15T15:57:52.108257Z"}, {"uuid": "aa4aad2e-2d35-492f-94fe-ab6b30575ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49062", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3modpjxklhs2m", "content": "CVE-2026-49062 - WordPress Faust.js plugin\nCVE ID : CVE-2026-49062\n \n Published : June 15, 2026, 2:16 p.m. | 1\u00a0hour, 25\u00a0minutes ago\n \n Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitati...", "creation_timestamp": "2026-06-15T16:32:38.170710Z"}, {"uuid": "c18010f6-ba7a-4dfb-b681-0c59520e4b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49062", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3modulra6do2i", "content": "\ud83d\udfe0 CVE-2026-49062 - High (8.8)\n\nAuthentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allo...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49062/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-15T18:03:08.387871Z"}, {"uuid": "70fdc0d3-4ce2-4f15-89d1-af6cf7683c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49064", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moe36a2mb42i", "content": "\ud83d\udfe0 CVE-2026-49064 - High (7.5)\n\nInsertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retriev...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49064/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-15T20:00:50.552565Z"}, {"uuid": "b4844cb3-4cb8-475a-89da-683338ee8b7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49067", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moea2mtfv32b", "content": "CVE-2026-49067 - WordPress Advanced 301 and 302 Redirect plugin\nCVE ID : CVE-2026-49067\n \n Published : June 15, 2026, 8:19 p.m. | 49\u00a0minutes ago\n \n Description : Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.\n \n Severity: 9.3 | CRITICAL\n \n...", "creation_timestamp": "2026-06-15T21:28:28.778980Z"}, {"uuid": "0f2ed099-0315-47d0-a641-78459e15bb11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49067", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moiem6wmok2t", "content": "\ud83d\udd34 CVE-2026-49067 - Critical (9.3)\n\nUnauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49067/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-17T13:00:21.562165Z"}, {"uuid": "596eec40-f00f-4564-852c-a9dde38bbd5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49068", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moiemgb6lj2c", "content": "\ud83d\udfe0 CVE-2026-49068 - High (7.5)\n\nSubscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49068/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-17T13:00:28.968188Z"}]}