{"vulnerability": "CVE-2026-9290", "sightings": [{"uuid": "8f18a6d0-7a38-4616-9897-ffd31fcccc71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlha7sokz2g", "content": "\ud83d\udfe0 CVE-2026-9290 - High (7.5)\n\nThe WP User Manager \u2013 User Profile Builder &amp; Membership plugin for WordPress is vulnerable to L...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-9290/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-06T01:00:08.527109Z"}, {"uuid": "d1bbaf11-e568-47f4-8ec4-7dd23d2e1c00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnlikqk23d2r", "content": "CVE-2026-9290 - WP User Manager\nCVE ID : CVE-2026-9290\n \n Published : June 6, 2026, 12:16 a.m. | 16\u00a0minutes ago\n \n Description : The WP User Manager \u2013 User Profile Builder &amp; Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and in...", "creation_timestamp": "2026-06-06T01:23:54.569361Z"}, {"uuid": "6cf70252-852a-434e-ad44-f578e1bd271e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnlxyr5bek2b", "content": "CVE-2026-9290. WP User Manager plugin. 7.5/10 CVSS.\n\nAny visitor reads wp-config.php. Database credentials exposed. PHP execution. Your server becomes theirs.\n\nUpdate to 2.9.17 now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #LFI #CyberSecurity", "creation_timestamp": "2026-06-06T06:00:11.366083Z"}, {"uuid": "956cea10-6a30-48e2-a218-8bb7d9bfe69b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-9290.yaml", "content": "", "creation_timestamp": "2026-06-10T07:07:43.000000Z"}, {"uuid": "e196045f-636c-4278-bc72-4f9614c85e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mobeu2pmfd2e", "content": "CVE-2026-9290 wp-user-manager (CVSS Score 7.5) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-14T18:16:06.950888Z"}, {"uuid": "b8ca4172-5c8e-45f2-a6bc-20eeaa99be81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "https://t.me/GithubRedTeam/92104", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-9290\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-05 23:18:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth Local File Inclusion in WP User Manager &lt;= 2.9.17 via path traversal in tab parameter (CVSS 7.5)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:11.788284Z"}, {"uuid": "4bff91cf-9ef6-4300-ad67-edd7dac351a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "https://t.me/GithubRedTeam/92104", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-9290\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-05 23:18:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth Local File Inclusion in WP User Manager &lt;= 2.9.17 via path traversal in tab parameter (CVSS 7.5)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:20.143302Z"}, {"uuid": "3d518b2f-04f0-4898-a2ad-d4460d1f1a10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92104", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-9290\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-05 23:18:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth Local File Inclusion in WP User Manager &lt;= 2.9.17 via path traversal in tab parameter (CVSS 7.5)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:30.092702Z"}, {"uuid": "9134c5a1-2238-4b17-9df8-fe57396dcad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "Telegram/weN5BIEcpzWRP-culIl-ZBjR5vCD_HYHl8jd7V-2oU2RFQY", "content": "", "creation_timestamp": "2026-07-16T19:00:21.103289Z"}, {"uuid": "53f60070-a524-42ef-a8df-5a7ca805fb2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9290", "type": "seen", "source": "Telegram/weN5BIEcpzWRP-culIl-ZBjR5vCD_HYHl8jd7V-2oU2RFQY", "content": "", "creation_timestamp": "2026-07-17T00:00:37.513621Z"}]}