{"vulnerability": "CVE-2026-5270", "sightings": [{"uuid": "6aff7016-b42c-4b7c-aea2-579a66c25f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-52704", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3modkepmag52l", "content": "WooCommerce PDF Invoice Builder plugin (\u22642.0.8) hit by CRITICAL RCE flaw (CVE-2026-52704) \u2014 no patch yet. Disable or remove plugin ASAP to avoid total compromise. Details: https://radar.offseq.com/threat/cve-2026-52704-cwe-94-improper-control-of-generati-76aad4c5 #OffSeq #WordPress #Security", "creation_timestamp": "2026-06-15T15:00:13.845365Z"}, {"uuid": "ca5ab256-93fa-4329-909f-b6bd0c3f5d6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-52704", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116754717813611535", "content": "\ud83d\udea8 CRITICAL: CVE-2026-52704 in WooCommerce PDF Invoice Builder \u22642.0.8 enables remote code execution via code injection (CWE-94). No patch yet \u2014 disable/remove plugin to prevent full system compromise. More info: https://radar.offseq.com/threat/cve-2026-52704-cwe-94-improper-control-of-generati-76aad4c5 #OffSeq #WordPress #Vuln", "creation_timestamp": "2026-06-15T15:00:19.650179Z"}, {"uuid": "61f278ff-3a57-4cdc-9bf6-6a8d2d09c35f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52704", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3modnisap7l2x", "content": "CVE-2026-52704 - WordPress WooCommerce PDF Invoice Builder plugin\nCVE ID : CVE-2026-52704\n \n Published : June 15, 2026, 2:16 p.m. | 1\u00a0hour, 25\u00a0minutes ago\n \n Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF In...", "creation_timestamp": "2026-06-15T15:56:20.011956Z"}, {"uuid": "03fa136e-aa74-46ff-a0bb-a3f59f21d3bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52704", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3modulj4fol22", "content": "\ud83d\udd34 CVE-2026-52704 - Critical (10)\n\nImproper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerc...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-52704/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-15T18:03:00.759613Z"}, {"uuid": "976029a1-e95d-4ab5-8255-148e21792db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52700", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moebwj2hkn26", "content": "\ud83d\udfe0 CVE-2026-52700 - High (8.5)\n\nSubscriber SQL Injection in WCMultiShipping &lt;= 3.0.2 versions.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-52700/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-15T22:01:47.233761Z"}, {"uuid": "9fb4fa21-968a-4453-b69d-fc024572da8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52700", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moebymanjo2b", "content": "CVE-2026-52700 - WordPress WCMultiShipping plugin\nCVE ID : CVE-2026-52700\n \n Published : June 15, 2026, 8:19 p.m. | 49\u00a0minutes ago\n \n Description : Subscriber SQL Injection in WCMultiShipping &lt;= 3.0.2 versions.\n \n Severity: 8.5 | HIGH\n \n Visit the link for more details, suc...", "creation_timestamp": "2026-06-15T22:02:57.010704Z"}, {"uuid": "b9d526a4-4916-48f5-947c-31a7894fe0ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52703", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moeckkecr52j", "content": "CVE-2026-52703 - WordPress FastDup plugin\nCVE ID : CVE-2026-52703\n \n Published : June 15, 2026, 8:19 p.m. | 49\u00a0minutes ago\n \n Description : Unauthenticated Path Traversal in FastDup &lt;= 2.7.2 versions.\n \n Severity: 9.6 | CRITICAL\n \n Visit the link for more details, such as C...", "creation_timestamp": "2026-06-15T22:12:59.148333Z"}, {"uuid": "ac81a869-729e-4e32-8a37-4e12f2c066c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52703", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moefb56g4m2n", "content": "\ud83d\udd34 CVE-2026-52703 - Critical (9.6)\n\nUnauthenticated Path Traversal in FastDup &lt;= 2.7.2 versions.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-52703/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-15T23:01:25.046475Z"}, {"uuid": "9fccf661-5d8a-4c61-9e14-f34f268fac2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52702", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moei6c4drq2j", "content": "CVE-2026-52702 - WordPress SEO Redirection plugin\nCVE ID : CVE-2026-52702\n \n Published : June 15, 2026, 9:17 p.m. | 2\u00a0hours, 24\u00a0minutes ago\n \n Description : Unauthenticated Cross Site Scripting (XSS) in SEO Redirection &lt;= 9.17 versions.\n \n Severity: 7.1 | HIGH\n \n Visit the ...", "creation_timestamp": "2026-06-15T23:53:30.289794Z"}, {"uuid": "fb90b7ea-7934-48ba-8446-af3aca2ef924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-52703", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moexnkgnj42p", "content": "CRITICAL alert \ud83d\udea8: Ninja Team FastDup (&lt;=2.7.2) hit by unauthenticated path traversal flaw. Review deployments, restrict access, and watch for patches! https://radar.offseq.com/threat/cve-2026-52703-cwe-35-path-traversal-in-ninja-team-07f46330 #OffSeq #vulnerability #security", "creation_timestamp": "2026-06-16T04:30:28.904848Z"}, {"uuid": "7d6ef00d-f061-42bf-acbd-0717249bad90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-52703", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116757903852347463", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-52703 in Ninja Team FastDup (&lt;=2.7.2) enables unauthenticated path traversal. Attackers could access restricted files. Monitor for vendor updates and restrict access! https://radar.offseq.com/threat/cve-2026-52703-cwe-35-path-traversal-in-ninja-team-07f46330 #OffSeq #vulnerability #infosec", "creation_timestamp": "2026-06-16T04:30:29.604208Z"}, {"uuid": "e6f6b8da-4f07-4bff-b9f7-6d53dacc4ca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52705", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moigzsfneq25", "content": "CVE-2026-52705 - WordPress SigmaForms Pro \u2013 AI Generated Forms plugin\nCVE ID : CVE-2026-52705\n \n Published : June 17, 2026, 9:51 a.m. | 3\u00a0hours, 17\u00a0minutes ago\n \n Description : Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 AI Generated Forms &lt;= 1.4.5 versions.\n ...", "creation_timestamp": "2026-06-17T13:43:44.771758Z"}, {"uuid": "4b8b952f-4c17-4264-9a34-15e9ac799128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-52706", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihui2ijg2g", "content": "CVE-2026-52706 - WordPress JetEngine plugin\nCVE ID : CVE-2026-52706\n \n Published : June 17, 2026, 9:51 a.m. | 3\u00a0hours, 17\u00a0minutes ago\n \n Description : Unauthenticated PHP Object Injection in JetEngine &lt;= 3.8.10 versions.\n \n Severity: 9.8 | CRITICAL\n \n Visit the link for mor...", "creation_timestamp": "2026-06-17T13:58:39.798980Z"}, {"uuid": "777b7c1a-9657-4e9d-bbc1-6bea30771ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5270", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqngczzwyz2x", "content": "CVE-2026-5270 - Authentication Bypass in Navigator and Blue Planet Products\nCVE ID : CVE-2026-5270\n \n Published : July 14, 2026, 11:17 p.m. | 14\u00a0minutes ago\n \n Description : An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Su...", "creation_timestamp": "2026-07-15T00:04:42.778491Z"}, {"uuid": "492bea6e-1ecd-43ab-aec1-8aafc023d163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5270", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqotriltvq2p", "content": "CVE-2026-5270 - navigator ncs\nCiena Navigator and Blue Planet products may allow unauthorized access. This is a serious security risk because attackers can bypass security checks and gain access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#navigatorncs #blueplanet #CVE #infosec", "creation_timestamp": "2026-07-15T13:38:06.767528Z"}]}