<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-14T20:43:52.459115+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fb692df5-f467-4793-836d-8eb3cafc0328/export</id>
    <title>fb692df5-f467-4793-836d-8eb3cafc0328</title>
    <updated>2026-07-14T20:43:52.486765+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fb692df5-f467-4793-836d-8eb3cafc0328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &amp;lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:08.045703Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fb692df5-f467-4793-836d-8eb3cafc0328/export"/>
    <published>2026-07-14T00:00:08.045703+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/57927adf-3556-402e-a0c6-dc119851d727/export</id>
    <title>57927adf-3556-402e-a0c6-dc119851d727</title>
    <updated>2026-07-14T20:43:52.489141+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "57927adf-3556-402e-a0c6-dc119851d727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &amp;lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:04.851312Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/57927adf-3556-402e-a0c6-dc119851d727/export"/>
    <published>2026-07-13T22:00:04.851312+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b5fda2d6-ff1d-4b54-a3e4-727102c3180a/export</id>
    <title>b5fda2d6-ff1d-4b54-a3e4-727102c3180a</title>
    <updated>2026-07-14T20:43:52.489286+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b5fda2d6-ff1d-4b54-a3e4-727102c3180a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqiikeondb2b", "content": "\ud83d\udd34 CVE-2026-15282 - Critical (9.8)\n\nThe Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-15282/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-13T01:01:18.260449Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b5fda2d6-ff1d-4b54-a3e4-727102c3180a/export"/>
    <published>2026-07-13T01:01:18.260449+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bfffd313-f35a-4061-b0f4-e5874b03e128/export</id>
    <title>bfffd313-f35a-4061-b0f4-e5874b03e128</title>
    <updated>2026-07-14T20:43:52.489406+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bfffd313-f35a-4061-b0f4-e5874b03e128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j", "content": "CVE-2026-15282. CVSS 9.8. Instant Appointment plugin lets anyone upload files. wp-config.php. Database dumps. Shell code. All unauth. Update to 1.2 now. Scan: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-11T00:00:32.636759Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bfffd313-f35a-4061-b0f4-e5874b03e128/export"/>
    <published>2026-07-11T00:00:32.636759+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6a97e3cb-7d82-4d92-934c-386ee349b568/export</id>
    <title>6a97e3cb-7d82-4d92-934c-386ee349b568</title>
    <updated>2026-07-14T20:43:52.489511+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6a97e3cb-7d82-4d92-934c-386ee349b568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z", "content": "CVE-2026-15282 - instant appointment\nAn outdated version of the Instant Appointment plugin for WordPress allows unauthorized users to upload any file to the server. This could potentially\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#instantappointment #tenteeglobal #CVE #infosec", "creation_timestamp": "2026-07-10T05:16:07.130906Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6a97e3cb-7d82-4d92-934c-386ee349b568/export"/>
    <published>2026-07-10T05:16:07.130906+00:00</published>
  </entry>
</feed>
