{"vulnerability": "cve-2026-10737", "sightings": [{"uuid": "2f15848e-df81-484e-8900-dd61c3dfb7fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mngzsdlxk324", "content": "CVE-2026-10737 - SP Project & Document Manager\nCVE ID : CVE-2026-10737\n \n Published : June 4, 2026, 2:16 a.m. | 4\u00a0hours, 16\u00a0minutes ago\n \n Description : The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability ...", "creation_timestamp": "2026-06-04T06:49:06.578209Z"}, {"uuid": "7a92851a-9c08-43a3-bdac-1d07dbccd1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mngmztd3wh22", "content": "\ud83d\udfe0 CVE-2026-10737 - High (7.5)\n\nThe SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10737/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T03:00:37.918548Z"}, {"uuid": "6917f2ed-5e50-4526-824d-08bb7bb1bd05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnj3tf3oaw2f", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 136 interactions\nCVE-2026-0257: 43 interactions\nCVE-2026-48778: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-49858: 11 interactions\nCVE-2026-20230: 6 interactions\nCVE-2026-10737: 4 interactions\n", "creation_timestamp": "2026-06-05T02:30:48.004045Z"}, {"uuid": "9f10f0cc-9044-4644-8526-da0889cc1c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnircqmoxk26", "content": "Unauthenticated attackers can read arbitrary file metadata and grab download links via SP Project & Document Manager. CVE-2026-10737 (CVSS 7.5) exploits missing capability checks in versions \u22644.71. Update immediately to 4.71+ \u2192 pulse-wp.com\n#WordPress #CyberSecurity #InfoSec #CVE", "creation_timestamp": "2026-06-04T23:22:30.518304Z"}, {"uuid": "c6c0b7bc-1e32-4ed7-989c-62834b85ce8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnirmpxct22x", "content": "Unauthenticated attackers can download arbitrary files from SP Project & Document Manager via missing capability checks. CVE-2026-10737 (CVSS 7.5 HIGH). Affects all versions through 4.71. Update now \u2192 pulse-wp.com\n#WordPress #AccessControl #CyberSecurity", "creation_timestamp": "2026-06-04T23:28:06.432733Z"}, {"uuid": "c8e3662b-2bd0-4249-b173-7cfbfb2a2637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnirr3vfxi26", "content": "CVE-2026-10737. CVSS 7.5. SP Project & Document Manager leaks file metadata and download links to anyone. No auth needed. Your configs, backups, API keys exposed.\n\nUpdate to 4.71. now.\n\n\u2192 pulse-wp.com\n#WordPress #AccessControl #CyberSecurity", "creation_timestamp": "2026-06-04T23:30:32.096936Z"}, {"uuid": "9a78e302-e89b-47e9-9786-cdc682625eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnirwyoxo42a", "content": "CVE-2026-10737. CVSS 7.5. SP Project & Document Manager leaks file metadata and download links to anyone. No auth needed. Your wp-config could be next.\n\nUpdate to 4.71. now. \u2192 pulse-wp.com\n#WordPress #AccessControl #CyberSecurity", "creation_timestamp": "2026-06-04T23:33:50.308809Z"}, {"uuid": "45c11c26-00ab-4285-8525-265efa834fb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnis7ahx5p2k", "content": "CVE-2026-10737. CVSS 7.5. SP Project & Document Manager leaks file metadata and download links to unauthenticated visitors. Your wp-config. Database backups. Client files. All exposed.\n\nUpdate to 4.71 now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #AccessControl #CyberSecurity", "creation_timestamp": "2026-06-04T23:38:26.800071Z"}, {"uuid": "27bb9312-7bef-42f0-ae99-8556f00d921f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10737", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mnisbxpsiv2l", "content": "CVE-2026-10737. CVSS 7.5. SP Project & Document Manager leaks file metadata and download links to anyone. No auth needed. Your wp-config could be next.\n\nUpdate to 4.71. now. \u2192 pulse-wp.com\n#WordPress #AccessControl #PotatoSecurity", "creation_timestamp": "2026-06-04T23:39:58.520689Z"}]}