{"vulnerability": "cve-2026-3655", "sightings": [{"uuid": "1acf02ef-e010-439a-baab-1a1f85a50a12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3655", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmy6e4lrqw2y", "content": "CRITICAL: glboy OTP Login plugin (v1.8.50 \u2013 1.8.60) lets attackers bypass auth & hijack any account. Update beyond 1.8.60 or confirm patch is live! https://radar.offseq.com/threat/cve-2026-3655-cwe-287-improper-authentication-in-g-98c0dba0 #OffSeq #WordPress #Security", "creation_timestamp": "2026-05-29T09:00:41.627117Z"}, {"uuid": "0a14926c-e824-4c8e-bb50-538045daea68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3655", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116657044700520372", "content": "CVE-2026-3655 (CRITICAL, CVSS 9.8): glboy OTP Login plugin (v1.8.50 \u2013 1.8.60) suffers from improper authentication via Firebase OTP. Attackers can log in as any user/admin. Patch now! https://radar.offseq.com/threat/cve-2026-3655-cwe-287-improper-authentication-in-g-98c0dba0 #OffSeq #WordPress #Infosec #Vulnerability", "creation_timestamp": "2026-05-29T09:00:51.161833Z"}, {"uuid": "642a88fe-5f4d-4871-bb72-9cb9b569b466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3655", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mn4hsoubhc2j", "content": "\ud83d\udd34 CVE-2026-3655 - Critical (9.8)\n\nThe OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentic...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-3655/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-31T02:00:32.236792Z"}, {"uuid": "d92be6e0-bc6d-4ac7-9e7d-d267e0cd79e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3655", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmyb2pxqz32j", "content": "CVE-2026-3655 - OTP Login With Phone Number, OTP Verification\nCVE ID : CVE-2026-3655\n \n Published : May 29, 2026, 8:16 a.m. | 16\u00a0minutes ago\n \n Description : The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versio...", "creation_timestamp": "2026-05-29T09:49:06.052335Z"}]}