{"vulnerability": "cve-2026-1058", "sightings": [{"uuid": "ff61b99b-d95a-4fce-b9b1-b9a350db18e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10584", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndijydnwa2f", "content": "CVE-2026-10584 - HTTPS Fallback to HTTP in Graph Explorer\nCVE ID : CVE-2026-10584\n \n Published : June 2, 2026, 7:08 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might all...", "creation_timestamp": "2026-06-02T21:02:11.210530Z"}, {"uuid": "5d323a04-6b74-4c78-861e-e0311120e435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10586", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mniyhk3bqm2d", "content": "HIGH severity SSRF in Gutenberg Essential Blocks (WordPress plugin) lets Authors+ send arbitrary server requests. No patch yet \u2014 restrict Author access & monitor activity. https://radar.offseq.com/threat/cve-2026-10586-cwe-918-server-side-request-forgery-f1206b69 #OffSeq #WordPress #SSRF", "creation_timestamp": "2026-06-05T01:30:28.744138Z"}, {"uuid": "4244681f-08ee-4b77-9640-b485285c6212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10586", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116694910594929909", "content": "\u26a0\ufe0f CVE-2026-10586: HIGH severity SSRF in Gutenberg Essential Blocks for WordPress (\u22646.1.3). Authors+ can send arbitrary server requests via save_ai_generated_image(). No patch yet \u2014 restrict access & monitor. https://radar.offseq.com/threat/cve-2026-10586-cwe-918-server-side-request-forgery-f1206b69 #OffSeq #WordPress #SSRF", "creation_timestamp": "2026-06-05T01:30:40.994823Z"}, {"uuid": "587c84e6-830a-4859-b938-a3d787f8d28c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10586", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnjhjxnha72r", "content": "Gutenberg Essential Blocks lets authenticated users make arbitrary web requests from your server. SSRF at 7.2/10 (CVE-2026-10586). They grab wp-config, internal APIs, cloud metadata. Update to 6.1.3 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-05T06:00:15.181956Z"}, {"uuid": "e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnldv3nnpv2c", "content": "CVE-2026-10580. CVSS 9.8. Hippoo Mobile App for WooCommerce lets any visitor take over admin accounts. No authentication required. Update to 1.9.4 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-06T00:00:12.942192Z"}, {"uuid": "0e161c6e-6b86-419b-a05c-46827e3e1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkwkmd32g2p", "content": "\ud83d\udd34 CVE-2026-10580 - Critical (9.8)\n\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10580/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T20:01:43.987860Z"}, {"uuid": "a2cc85d3-ae1c-4675-908b-ec1755bcdc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnpdq65dfl2s", "content": "CVE-2026-10580 - Critical Authentication Bypass in Hippoo WordPress plugin. Flaw conflates admin and unauthenticated user permissions, allowing full admin takeover. CVSS 9.8. No patch available. Disable plugin now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-10580/", "creation_timestamp": "2026-06-07T14:08:08.097746Z"}, {"uuid": "45e0fd84-668c-4bac-9106-7072019098f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-10580.yaml", "content": "", "creation_timestamp": "2026-06-10T19:03:51.000000Z"}, {"uuid": "78a4603b-61f0-458d-b7d4-b326929cb7a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobwuu7fg32p", "content": "\ud83d\udea8  ALERT: CVE-2026-10580\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user", "creation_timestamp": "2026-06-14T23:38:40.455954Z"}, {"uuid": "20d4376f-5c63-489c-b876-74bc8779bae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mobyxswlxa25", "content": "CVE-2026-10580 hippoo (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T00:16:07.670995Z"}, {"uuid": "d11198bf-ee05-4150-b1cc-c74c16e5756f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10586", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3moejgwkx2q2e", "content": "CVE-2026-10586 essential-blocks (CVSS Score 7.2) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-16T00:16:14.210923Z"}, {"uuid": "1bef1b1e-2886-4f63-81e5-a1d23a8579a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "published-proof-of-concept", "source": "Telegram/LhIaoh3_gVTYhhCtIaB2hHXuGQagt5GRqp2XlP3YfDwVpSU", "content": "", "creation_timestamp": "2026-06-06T21:00:04.000000Z"}]}