{"vulnerability": "cve-2026-1528", "sightings": [{"uuid": "13c0c894-2ff1-4333-8058-2841d1ca71cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1528", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3mgvb5xjenk2f", "content": "", "creation_timestamp": "2026-03-12T20:41:47.871213Z"}, {"uuid": "5cfc495f-f157-45b7-bcb7-09ebee8b594a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1528", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgve7u2u2u2x", "content": "", "creation_timestamp": "2026-03-12T21:36:30.784702Z"}, {"uuid": "e3598e94-219b-4153-b74e-c5493187a381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1528", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mgviambhye2n", "content": "", "creation_timestamp": "2026-03-12T22:48:30.485290Z"}, {"uuid": "6ff6e6a9-feeb-4094-b8d1-860f61370315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1528", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhj2ql7r732m", "content": "", "creation_timestamp": "2026-03-20T17:40:08.838943Z"}, {"uuid": "bad8fb92-f65e-4b5d-8ea8-125ecba7c675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-1528", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-1528", "content": "", "creation_timestamp": "2026-03-12T20:16:25.000000Z"}, {"uuid": "5d07a8d8-9157-4152-bc46-2e74ef3cf4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1528", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpp7qunipl2k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-1528: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 WebSocket \u0438 \u0435\u0451 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\n\n\n\nhttps://kripta.biz/posts/B1315676-5939-4162-9447-F02D8B63E384", "creation_timestamp": "2026-07-02T23:47:18.557191Z"}, {"uuid": "6a97e3cb-7d82-4d92-934c-386ee349b568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z", "content": "CVE-2026-15282 - instant appointment\nAn outdated version of the Instant Appointment plugin for WordPress allows unauthorized users to upload any file to the server. This could potentially\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#instantappointment #tenteeglobal #CVE #infosec", "creation_timestamp": "2026-07-10T05:16:07.130906Z"}, {"uuid": "b6b2993b-59fa-410d-8fa4-ebb81b8a81b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15283", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcwiu4xlp2x", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-15283 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WPvivid Backup \u0434\u043b\u044f MainWP: \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 WordPress\n\n\n\nhttps://kripta.biz/posts/C541DCB4-D01B-4653-9929-BD2D1E03838A", "creation_timestamp": "2026-07-10T19:55:00.654697Z"}, {"uuid": "a55e79d9-148d-4340-b07a-8d4889080c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15285", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcwiymgfs26", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-15285 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 The Plus Addons for Elementor: \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u043d\u0430 WordPress\n\n\n\nhttps://kripta.biz/posts/03B7865A-EBA9-49A9-A7E2-946A5DDB13E2", "creation_timestamp": "2026-07-10T19:55:05.719741Z"}, {"uuid": "d3fd9a5c-653a-4e2a-b776-3d5dd77aaae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15289", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxhhbam62w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-15289 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Booking Calendar \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/EF71BC2F-470B-4CDB-9CB4-741B8FC51229", "creation_timestamp": "2026-07-10T20:12:07.567143Z"}, {"uuid": "bfffd313-f35a-4061-b0f4-e5874b03e128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j", "content": "CVE-2026-15282. CVSS 9.8. Instant Appointment plugin lets anyone upload files. wp-config.php. Database dumps. Shell code. All unauth. Update to 1.2 now. Scan: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-11T00:00:32.636759Z"}, {"uuid": "621b0277-0e62-46db-a4d8-f5b260d9ed29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15287", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdhc3q57l2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-15287 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 rtMedia \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/95658709-9FAA-49FB-A87E-A6BFF7A83B50", "creation_timestamp": "2026-07-11T00:55:27.348583Z"}, {"uuid": "b885a5eb-29ef-476f-a8d3-54c04c620b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15288", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqiik624f32l", "content": "\ud83d\udfe0 CVE-2026-15288 - High (7.5)\n\nThe SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-15288/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-13T01:01:11.288587Z"}, {"uuid": "b5fda2d6-ff1d-4b54-a3e4-727102c3180a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqiikeondb2b", "content": "\ud83d\udd34 CVE-2026-15282 - Critical (9.8)\n\nThe Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-15282/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-13T01:01:18.260449Z"}, {"uuid": "57927adf-3556-402e-a0c6-dc119851d727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:04.851312Z"}, {"uuid": "fb692df5-f467-4793-836d-8eb3cafc0328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:08.045703Z"}]}