{"uuid": "7777e37f-d400-42b0-9528-7248b0175bd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mozt5rdk5i2u", "content": "\ud83d\udea8 BREAKING\n\nThe free WordPress plugin was clean.\n\nThe paid update is what backdoored the site.\n\nShapedPlugin Pro updates stole admin logins and your 2FA seeds. A password reset will not clear it. (CVE-2026-49777)", "creation_timestamp": "2026-06-24T11:35:58.739505Z"}