{"vulnerability": "cve-2026-10580", "sightings": [{"uuid": "e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnldv3nnpv2c", "content": "CVE-2026-10580. CVSS 9.8. Hippoo Mobile App for WooCommerce lets any visitor take over admin accounts. No authentication required. Update to 1.9.4 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-06T00:00:12.942192Z"}, {"uuid": "0e161c6e-6b86-419b-a05c-46827e3e1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkwkmd32g2p", "content": "\ud83d\udd34 CVE-2026-10580 - Critical (9.8)\n\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10580/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T20:01:43.987860Z"}, {"uuid": "a2cc85d3-ae1c-4675-908b-ec1755bcdc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnpdq65dfl2s", "content": "CVE-2026-10580 - Critical Authentication Bypass in Hippoo WordPress plugin. Flaw conflates admin and unauthenticated user permissions, allowing full admin takeover. CVSS 9.8. No patch available. Disable plugin now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-10580/", "creation_timestamp": "2026-06-07T14:08:08.097746Z"}, {"uuid": "45e0fd84-668c-4bac-9106-7072019098f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-10580.yaml", "content": "", "creation_timestamp": "2026-06-10T19:03:51.000000Z"}, {"uuid": "78a4603b-61f0-458d-b7d4-b326929cb7a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobwuu7fg32p", "content": "\ud83d\udea8  ALERT: CVE-2026-10580\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user", "creation_timestamp": "2026-06-14T23:38:40.455954Z"}, {"uuid": "20d4376f-5c63-489c-b876-74bc8779bae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mobyxswlxa25", "content": "CVE-2026-10580 hippoo (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T00:16:07.670995Z"}, {"uuid": "1bef1b1e-2886-4f63-81e5-a1d23a8579a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "published-proof-of-concept", "source": "Telegram/LhIaoh3_gVTYhhCtIaB2hHXuGQagt5GRqp2XlP3YfDwVpSU", "content": "", "creation_timestamp": "2026-06-06T21:00:04.000000Z"}]}