{"vulnerability": "cve-2026-12375", "sightings": [{"uuid": "068b11c9-f76a-466a-81ec-c8324ba01d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12375", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq2klmfzen2c", "content": "uncanny-automator-pro v7.3.0.5 shipped with a CRITICAL backdoor after a supply chain breach. Admin access &amp; secret key theft possible \u2014 remove/disable immediately. More info: https://radar.offseq.com/threat/cve-2026-12375-cwe-912-hidden-functionality-in-unc-f847b0208ffd2506 #OffSeq #WordPress #Su...", "creation_timestamp": "2026-07-07T12:00:30.782689Z"}, {"uuid": "e266b5df-6430-4ad3-8ca7-94591ce0dfbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12375", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116878581993306054", "content": "CVE-2026-12375 (CRITICAL): uncanny-automator-pro v7.3.0.5 distributed with a hidden backdoor due to vendor supply chain compromise. Attackers can gain admin access &amp; exfiltrate secrets. Remove/disable this version now. https://radar.offseq.com/threat/cve-2026-12375-cwe-912-hidden-functionality-in-unc-f847b0208ffd2506 #OffSeq #WordPress #SupplyChain", "creation_timestamp": "2026-07-07T12:00:31.791756Z"}, {"uuid": "478b989a-bd5d-408d-bc72-1a6ea4d3430c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12375", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2rwv43nq2l", "content": "CVE-2026-12375 - uncanny-automator-pro\nThe Uncanny Automator Pro WordPress plugin, used to automate tasks on websites, was compromised and distributed with malicious code. This allowed attackers to access and steal\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#unknown #CVE #infosec", "creation_timestamp": "2026-07-07T14:12:05.031450Z"}, {"uuid": "0675faa5-7847-4636-bb0d-6ee20f66ce2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12375", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mq36ouvxei2e", "content": "Your sites running uncanny-automator-pro? Admin sessions handed to strangers. Site secrets beaconed out. CVE-2026-12375. CVSS 9.8. No patch available yet. Disable the plugin now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-07T18:00:15.267113Z"}]}