{"vulnerability": "cve-2026-12685", "sightings": [{"uuid": "992da49d-b3e4-494a-b92b-898287816325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12685", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116894507132740931", "content": "CVE-2026-12685 | EscortWP \u22643.6.2: CRITICAL backdoor (CWE-912) enables unauthenticated data wipe &amp; exfiltrates site/admin info via hard-coded key. No patch available \u2014 replace theme &amp; monitor vendor. https://radar.offseq.com/threat/cve-2026-12685-cwe-912-hidden-functionality-in-esc-2444ba57a4fc890e #OffSeq #WordPress #Infosec #CVE2026_12685", "creation_timestamp": "2026-07-10T07:30:27.754406Z"}, {"uuid": "bc5d3ee8-36ed-407d-b8c7-e81c97f8170b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12685", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqbmvjqo2j2d", "content": "EscortWP theme \u22643.6.2 hit by CRITICAL hidden backdoor (CVE-2026-12685): attackers with a hard-coded key can delete all content &amp; exfiltrate admin data. Switch themes &amp; stay alert for patches. https://radar.offseq.com/threat/cve-2026-12685-cwe-912-hidden-functionality-in-esc-2444ba57a4fc890e #OffS...", "creation_timestamp": "2026-07-10T07:30:29.504569Z"}, {"uuid": "4e5461fa-40f7-4896-9d8f-d8fad1f09920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqbp4i6yyn24", "content": "CVE-2026-12685 - EscortWP\nCVE ID : CVE-2026-12685\n \n Published : July 10, 2026, 7:16 a.m. | 32\u00a0minutes ago\n \n Description : The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who...", "creation_timestamp": "2026-07-10T08:10:09.756936Z"}, {"uuid": "52277cf6-1f8d-4c6b-9d24-701f6e585a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbxcnrpmr27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12685 \u0432 \u0442\u0435\u043c\u0435 EscortWP \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D1325B54-5074-4DD5-BD79-239A74C0AB63", "creation_timestamp": "2026-07-10T10:36:47.173059Z"}, {"uuid": "fa085cff-05f6-4c39-bc0b-5326585cb48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd5qfh2l52w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12685 \u0432 \u0442\u0435\u043c\u0435 EscortWP \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5991D9F5-4952-4EC7-A753-60018EF1FF3C", "creation_timestamp": "2026-07-10T22:04:30.188878Z"}]}