{"vulnerability": "cve-2026-1196", "sightings": [{"uuid": "d206838b-5eb4-4eaa-8adc-3b07ca30bfe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1196", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mct3oozuxi2i", "content": "", "creation_timestamp": "2026-01-20T02:17:38.801688Z"}, {"uuid": "d04c33a0-7644-42d6-90fa-a228a9ed2b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11965", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpnlp5dwuo2m", "content": "CVE-2026-11965 - User Registration &amp; Membership\nCVE ID : CVE-2026-11965\n \n Published : July 2, 2026, 6 a.m. | 1\u00a0hour, 46\u00a0minutes ago\n \n Description : The User Registration &amp; Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a pa...", "creation_timestamp": "2026-07-02T08:15:45.995294Z"}, {"uuid": "cf90cfcd-db0e-446f-9a70-363eb3c34017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11965", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoternhxa2r", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11965 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 User Registration &amp; Membership \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/AFF77E23-382B-4834-BE41-EF0D230F0066", "creation_timestamp": "2026-07-02T20:05:48.514809Z"}, {"uuid": "14572be7-be56-4dab-80d3-2f1148621d0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11962", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpxmfeg4bb2b", "content": "CVE-2026-11962 - FileOrganizer\nCVE ID : CVE-2026-11962\n \n Published : July 6, 2026, 6 a.m. | 1\u00a0hour, 48\u00a0minutes ago\n \n Description : The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authentic...", "creation_timestamp": "2026-07-06T07:54:49.167764Z"}, {"uuid": "0229a604-8f60-4d99-a6de-7c0ee9eaeb4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11962", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mpyoa3zgs42k", "content": "Arbitrary PHP uploads. Remote code execution. FileOrganizer before 1.2.0 lets authenticated sub-admins drop shells on your server.\n\nCVE-2026-11962, CVSS 8.8. No patch yet. Disable it now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-06T18:00:19.822387Z"}, {"uuid": "d72596a0-cbc8-4d03-a487-1aa217ac80cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11962", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6euzcwoe2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11962 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 FileOrganizer \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/38267F7A-1DD6-4DC6-A95C-EEE266DDEAEB", "creation_timestamp": "2026-07-09T00:29:02.968731Z"}, {"uuid": "f6a986e3-a7fb-4ac4-ae85-53aaaeb9c438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11963", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6w4zzq72e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11963 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 User Registration &amp; Membership \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/1E7A93D6-4498-4F60-8764-ED6C3727151A", "creation_timestamp": "2026-07-13T07:41:34.958931Z"}, {"uuid": "bfb6ccf3-de2e-412b-93a6-dc2c76000b61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11964", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6y7ymo52i", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11964 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 User Registration &amp; Membership \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/4C736194-191D-4EFC-BF72-A00824956119", "creation_timestamp": "2026-07-13T07:42:45.160218Z"}, {"uuid": "1fd800cc-b088-4a73-912e-2be8a110ba73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11964", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkaedxj7k2h", "content": "CVE-2026-11964\nThe User Registration &amp; Membership WordPress plugin, used in WordPress websites, has a security issue that could allow attackers to activate paid memberships without making a real payment. This could lead to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-13T17:40:05.265620Z"}, {"uuid": "68951689-a832-4fbe-9b34-5c52dd9f07f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11963", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqkvm3475223", "content": "Your subscribers can promote themselves to admin. CVE-2026-11963 (CVSS 8.1) lets any logged-in user hijack another account's role and membership tier. No patch available. Disable User Registration &amp; Membership now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-14T00:00:13.705443Z"}, {"uuid": "1250b9cb-b9b4-45fb-8b42-de97d6c26741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11964", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqkvlwgtmt22", "content": "CVE-2026-11964. CVSS 9.1. Attackers forge payment approvals. Activate premium memberships without paying. No authentication required. No patch available yet\u2014disable User Registration &amp; Membership now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-14T00:00:11.579615Z"}, {"uuid": "5bd0ca5a-e0ee-45ad-a25c-6ed3d2356dc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11964", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqlaguminm2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11964 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 User Registration &amp; Membership: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 WordPress\n\n\n\nhttps://kripta.biz/posts/A28CA162-E70E-412A-A6DC-256A15C35348", "creation_timestamp": "2026-07-14T03:14:09.622751Z"}, {"uuid": "3f89bd9d-2dc6-4e51-abf6-3cdd711835bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11963", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqlavzki4z27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11963 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 User Registration &amp; Membership \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/911AB649-7DAD-471D-A52A-0E5BA1A6715C", "creation_timestamp": "2026-07-14T03:22:38.121536Z"}, {"uuid": "32b85f75-0632-4511-9ce9-b304988ee08e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11964", "type": "seen", "source": "https://bsky.app/profile/khesefxyz.bsky.social/post/3mqqqwywj5n2z", "content": "\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05e7\u05e9\u05d4 \u05d1-WordPress: CVE-2026-11964 \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05d4\u05ea\u05e7\u05e4\u05d5\u05ea \u05d7\u05de\u05d5\u05e8\u05d5\u05ea \u05e2\u05dc \u05d0\u05ea\u05e8\u05d9 \u05d7\u05d1\u05e8\u05d5\u05ea\n\n\n\nhttps://khesef.xyz/posts/F2E49168-A1BC-43CA-A6DE-8F3E0A44D9E4", "creation_timestamp": "2026-07-16T07:52:49.435039Z"}, {"uuid": "1ac99bce-44ec-4560-8b6b-32d8d3a5a596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11964", "type": "seen", "source": "https://bsky.app/profile/khesefxyz.bsky.social/post/3mqqshcdotw2t", "content": "\u05d7\u05e9\u05d9\u05e4\u05d4: \u05e4\u05d2\u05d9\u05e2\u05d4 \u05d7\u05de\u05d5\u05e8\u05d4 \u05d1\u05d0\u05d1\u05d8\u05d7\u05ea \u05ea\u05d5\u05e1\u05e4\u05ea WordPress - CVE-2026-11964\n\n\n\nhttps://khesef.xyz/posts/973D2941-3E41-414E-8271-93742CBF37B8", "creation_timestamp": "2026-07-16T08:19:49.933399Z"}, {"uuid": "6f797774-cac8-459b-ba32-bcf03df37d9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11966", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqtcjkfvu62x", "content": "CVE-2026-11966 - User Registration &amp; Membership\nCVE ID : CVE-2026-11966\n \n Published : July 17, 2026, 7:16 a.m. | 20\u00a0minutes ago\n \n Description : The User Registration &amp; Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated caller...", "creation_timestamp": "2026-07-17T08:12:44.865290Z"}, {"uuid": "a68192bb-913d-4c6b-bc15-b50419a89145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11961", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqtdeg53a32x", "content": "CVE-2026-11961 - User Registration &amp; Membership\nCVE ID : CVE-2026-11961\n \n Published : July 17, 2026, 7:16 a.m. | 20\u00a0minutes ago\n \n Description : The User Registration &amp; Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during pu...", "creation_timestamp": "2026-07-17T08:27:46.333509Z"}, {"uuid": "647547bb-3424-4169-b956-c04a8cde9ddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11961", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116934497361624112", "content": "CVE-2026-11961 (CRITICAL): User Registration &amp; Membership plugin (pre-5.2.3) allows unauthenticated users to assign arbitrary membership tiers, including admin, during signup. Disable or restrict registration until fixed. https://radar.offseq.com/threat/cve-2026-11961-cwe-269-improper-privilege-manageme-20cb46cff61ded54 #OffSeq #WordPress #CVE2026", "creation_timestamp": "2026-07-17T09:00:30.123998Z"}, {"uuid": "5a3a2f50-af44-4b7d-a3f0-96896aec4d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11961", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqtf6ycc3z24", "content": "CRITICAL: User Registration &amp; Membership plugin lets unauth users set any membership tier \u2014 including admin \u2014 on sign-up. Disable or restrict registration until patch. https://radar.offseq.com/threat/cve-2026-11961-cwe-269-improper-privilege-manageme-20cb46cff61ded54 #OffSeq #WordPress #CVE2026", "creation_timestamp": "2026-07-17T09:00:32.235151Z"}]}