<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 02 Jul 2026 09:33:36 +0000</lastBuildDate>
    <item>
      <title>24dd6c77-5592-44d9-8fab-df0ad0a9dec3</title>
      <link>https://vulnerability.circl.lu/sighting/24dd6c77-5592-44d9-8fab-df0ad0a9dec3/export</link>
      <description>{"uuid": "24dd6c77-5592-44d9-8fab-df0ad0a9dec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mpl5z5jkqh2k", "content": "Avada Builder CVE-2026-8713: 1M sitios en riesgo\n\nCVE-2026-8713 en Avada Builder permite borrar wp-config.php sin login y tomar control total del sitio. \u00bfTen\u00e9s versi\u00f3n 3.15.3 o anterior? Actualiz\u00e1 ya.\n\n#avadabuilder #cve20268713 #pathtraversal #borradodearchivos #wordpressplugin", "creation_timestamp": "2026-07-01T09:05:30.454160Z"}</description>
      <content:encoded>{"uuid": "24dd6c77-5592-44d9-8fab-df0ad0a9dec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mpl5z5jkqh2k", "content": "Avada Builder CVE-2026-8713: 1M sitios en riesgo\n\nCVE-2026-8713 en Avada Builder permite borrar wp-config.php sin login y tomar control total del sitio. \u00bfTen\u00e9s versi\u00f3n 3.15.3 o anterior? Actualiz\u00e1 ya.\n\n#avadabuilder #cve20268713 #pathtraversal #borradodearchivos #wordpressplugin", "creation_timestamp": "2026-07-01T09:05:30.454160Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/24dd6c77-5592-44d9-8fab-df0ad0a9dec3/export</guid>
      <pubDate>Wed, 01 Jul 2026 09:05:30 +0000</pubDate>
    </item>
    <item>
      <title>a0169fa0-9f4c-4537-b068-9ea1f93f3733</title>
      <link>https://vulnerability.circl.lu/sighting/a0169fa0-9f4c-4537-b068-9ea1f93f3733/export</link>
      <description>{"uuid": "a0169fa0-9f4c-4537-b068-9ea1f93f3733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/mysites.guru/post/3mowzzenxmx2r", "content": "Avada Builder 3.15.4 patches CVE-2026-8713: unauthenticated arbitrary file deletion (CVSS 9.1). Delete wp-config.php, WordPress drops to setup mode, an attacker's path to full RCE.\n\nFind affected sites:\nmysites.guru/blog/avada-b...", "creation_timestamp": "2026-06-23T09:00:47.889374Z"}</description>
      <content:encoded>{"uuid": "a0169fa0-9f4c-4537-b068-9ea1f93f3733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/mysites.guru/post/3mowzzenxmx2r", "content": "Avada Builder 3.15.4 patches CVE-2026-8713: unauthenticated arbitrary file deletion (CVSS 9.1). Delete wp-config.php, WordPress drops to setup mode, an attacker's path to full RCE.\n\nFind affected sites:\nmysites.guru/blog/avada-b...", "creation_timestamp": "2026-06-23T09:00:47.889374Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a0169fa0-9f4c-4537-b068-9ea1f93f3733/export</guid>
      <pubDate>Tue, 23 Jun 2026 09:00:47 +0000</pubDate>
    </item>
    <item>
      <title>9830279c-f308-4578-b499-73bc7db6faad</title>
      <link>https://vulnerability.circl.lu/sighting/9830279c-f308-4578-b499-73bc7db6faad/export</link>
      <description>{"uuid": "9830279c-f308-4578-b499-73bc7db6faad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/mysites.guru/post/3mouxahndsg24", "content": "Avada Builder 3.15.4 patches CVE-2026-8713: unauthenticated arbitrary file deletion (CVSS 9.1). Delete wp-config.php, WordPress drops to setup mode, an attacker's path to full RCE.\n\nFind affected sites:\nmysites.guru/blog/avada-b...", "creation_timestamp": "2026-06-22T13:05:45.529105Z"}</description>
      <content:encoded>{"uuid": "9830279c-f308-4578-b499-73bc7db6faad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/mysites.guru/post/3mouxahndsg24", "content": "Avada Builder 3.15.4 patches CVE-2026-8713: unauthenticated arbitrary file deletion (CVSS 9.1). Delete wp-config.php, WordPress drops to setup mode, an attacker's path to full RCE.\n\nFind affected sites:\nmysites.guru/blog/avada-b...", "creation_timestamp": "2026-06-22T13:05:45.529105Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9830279c-f308-4578-b499-73bc7db6faad/export</guid>
      <pubDate>Mon, 22 Jun 2026 13:05:45 +0000</pubDate>
    </item>
    <item>
      <title>a1ee76e6-66e8-4428-b695-d276979ff925</title>
      <link>https://vulnerability.circl.lu/sighting/a1ee76e6-66e8-4428-b695-d276979ff925/export</link>
      <description>{"uuid": "a1ee76e6-66e8-4428-b695-d276979ff925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motn45ueih2b", "content": "\ud83d\udea8  ALERT: CVE-2026-8713\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nThe Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to, and including, 3.15.3. This makes it possible for unauthenti", "creation_timestamp": "2026-06-22T00:31:43.229927Z"}</description>
      <content:encoded>{"uuid": "a1ee76e6-66e8-4428-b695-d276979ff925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motn45ueih2b", "content": "\ud83d\udea8  ALERT: CVE-2026-8713\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nThe Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to, and including, 3.15.3. This makes it possible for unauthenti", "creation_timestamp": "2026-06-22T00:31:43.229927Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a1ee76e6-66e8-4428-b695-d276979ff925/export</guid>
      <pubDate>Mon, 22 Jun 2026 00:31:43 +0000</pubDate>
    </item>
    <item>
      <title>c3ff26d1-324b-4d50-aaf7-0562d427ea02</title>
      <link>https://vulnerability.circl.lu/sighting/c3ff26d1-324b-4d50-aaf7-0562d427ea02/export</link>
      <description>{"uuid": "c3ff26d1-324b-4d50-aaf7-0562d427ea02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8713", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mosdmdph4v2t", "content": "\ud83d\udcf0 Peretas Eksploitasi Celah Keamanan Kebocoran Informasi pada Plugin WordPress Gravity SMTP\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/21/peretas-eksploitasi-celah-api-gravity-smtp-wordpress/\n\n#avadaBuilder #celahKeamanan #cve-2026-4020 #cve-2026-8713 #exploit #gravitySmtp ", "creation_timestamp": "2026-06-21T12:11:05.519845Z"}</description>
      <content:encoded>{"uuid": "c3ff26d1-324b-4d50-aaf7-0562d427ea02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8713", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mosdmdph4v2t", "content": "\ud83d\udcf0 Peretas Eksploitasi Celah Keamanan Kebocoran Informasi pada Plugin WordPress Gravity SMTP\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/21/peretas-eksploitasi-celah-api-gravity-smtp-wordpress/\n\n#avadaBuilder #celahKeamanan #cve-2026-4020 #cve-2026-8713 #exploit #gravitySmtp ", "creation_timestamp": "2026-06-21T12:11:05.519845Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c3ff26d1-324b-4d50-aaf7-0562d427ea02/export</guid>
      <pubDate>Sun, 21 Jun 2026 12:11:05 +0000</pubDate>
    </item>
    <item>
      <title>1e0b5501-1d98-4b02-b76f-eb6e6d201c6d</title>
      <link>https://vulnerability.circl.lu/sighting/1e0b5501-1d98-4b02-b76f-eb6e6d201c6d/export</link>
      <description>{"uuid": "1e0b5501-1d98-4b02-b76f-eb6e6d201c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3moostal2o52d", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 26 interactions\nCVE-2026-54420: 26 interactions\nCVE-2026-20262: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-20253: 6 interactions\nCVE-2026-47729: 5 interactions\nCVE-2026-8713: 4 interactions\n", "creation_timestamp": "2026-06-20T02:30:48.822569Z"}</description>
      <content:encoded>{"uuid": "1e0b5501-1d98-4b02-b76f-eb6e6d201c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3moostal2o52d", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 26 interactions\nCVE-2026-54420: 26 interactions\nCVE-2026-20262: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-20253: 6 interactions\nCVE-2026-47729: 5 interactions\nCVE-2026-8713: 4 interactions\n", "creation_timestamp": "2026-06-20T02:30:48.822569Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1e0b5501-1d98-4b02-b76f-eb6e6d201c6d/export</guid>
      <pubDate>Sat, 20 Jun 2026 02:30:48 +0000</pubDate>
    </item>
    <item>
      <title>278fb18d-f980-407e-8006-25455ccb219c</title>
      <link>https://vulnerability.circl.lu/sighting/278fb18d-f980-407e-8006-25455ccb219c/export</link>
      <description>{"uuid": "278fb18d-f980-407e-8006-25455ccb219c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mongltu7ft2a", "content": "CVE-2026-8713: The Silent WordPress Plugin Flaw That Could Erase Your Entire Website in Seconds +\u00a0Video\n\nA Hidden Danger Inside One of WordPress\u2019 Most Popular Builders In the vast ecosystem of WordPress plugins, few tools are as widely used for page design and form building as the Avada Builder\u2026", "creation_timestamp": "2026-06-19T13:19:15.836110Z"}</description>
      <content:encoded>{"uuid": "278fb18d-f980-407e-8006-25455ccb219c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8713", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mongltu7ft2a", "content": "CVE-2026-8713: The Silent WordPress Plugin Flaw That Could Erase Your Entire Website in Seconds +\u00a0Video\n\nA Hidden Danger Inside One of WordPress\u2019 Most Popular Builders In the vast ecosystem of WordPress plugins, few tools are as widely used for page design and form building as the Avada Builder\u2026", "creation_timestamp": "2026-06-19T13:19:15.836110Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/278fb18d-f980-407e-8006-25455ccb219c/export</guid>
      <pubDate>Fri, 19 Jun 2026 13:19:15 +0000</pubDate>
    </item>
    <item>
      <title>62e32948-33ec-4cdf-ba26-bf0f2a432c06</title>
      <link>https://vulnerability.circl.lu/sighting/62e32948-33ec-4cdf-ba26-bf0f2a432c06/export</link>
      <description>{"uuid": "62e32948-33ec-4cdf-ba26-bf0f2a432c06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8713", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mon563pgxv2l", "content": "CRITICAL path traversal in Avada (Fusion) Builder \u22643.15.3 lets unauthenticated attackers delete files \u2014 risking remote code execution. Restrict access, monitor activity, &amp;amp; check vendor advisories. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc ...", "creation_timestamp": "2026-06-19T10:30:30.480265Z"}</description>
      <content:encoded>{"uuid": "62e32948-33ec-4cdf-ba26-bf0f2a432c06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8713", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mon563pgxv2l", "content": "CRITICAL path traversal in Avada (Fusion) Builder \u22643.15.3 lets unauthenticated attackers delete files \u2014 risking remote code execution. Restrict access, monitor activity, &amp;amp; check vendor advisories. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc ...", "creation_timestamp": "2026-06-19T10:30:30.480265Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/62e32948-33ec-4cdf-ba26-bf0f2a432c06/export</guid>
      <pubDate>Fri, 19 Jun 2026 10:30:30 +0000</pubDate>
    </item>
    <item>
      <title>457692e5-8aa9-4152-b292-445768073111</title>
      <link>https://vulnerability.circl.lu/sighting/457692e5-8aa9-4152-b292-445768073111/export</link>
      <description>{"uuid": "457692e5-8aa9-4152-b292-445768073111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8713", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116776306465494065", "content": "CVE-2026-8713: CRITICAL path traversal (CVSS 9.1) in Avada (Fusion) Builder \u22643.15.3. Unauthenticated file deletion possible; RCE risk if wp-config.php is removed. Restrict access, monitor usage, check vendor for fixes. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc #OffSeq #WordPress #Infosec", "creation_timestamp": "2026-06-19T10:30:30.282516Z"}</description>
      <content:encoded>{"uuid": "457692e5-8aa9-4152-b292-445768073111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8713", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116776306465494065", "content": "CVE-2026-8713: CRITICAL path traversal (CVSS 9.1) in Avada (Fusion) Builder \u22643.15.3. Unauthenticated file deletion possible; RCE risk if wp-config.php is removed. Restrict access, monitor usage, check vendor for fixes. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc #OffSeq #WordPress #Infosec", "creation_timestamp": "2026-06-19T10:30:30.282516Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/457692e5-8aa9-4152-b292-445768073111/export</guid>
      <pubDate>Fri, 19 Jun 2026 10:30:30 +0000</pubDate>
    </item>
  </channel>
</rss>
