{"vulnerability": "cve-2026-1079", "sightings": [{"uuid": "6a927ff7-2015-4749-9801-7bf7dc1c53d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/responsive-uk.bsky.social/post/3mnxf3bkwjk23", "content": "Critical vulnerability (CVE-2026-10795) patched in UpdraftPlus WordPress plugin! Unauthenticated auth bypass could lead to remote code execution & full site compromise.\n\nEnsure you are updated to Version 1.26.5 immediately.\n\n#WordPress #Cybersecurity #Infosec\n\nwww.wordfence.com/blog/2026/06...", "creation_timestamp": "2026-06-10T18:53:36.555280Z"}, {"uuid": "2adf6c81-f349-45fb-b13c-feca9696bd66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnz35knkmi2n", "content": "\ud83d\udfe0 CVE-2026-10795 - High (8.1)\n\nThe UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authenticatio...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10795/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T11:01:11.012062Z"}, {"uuid": "9834cb94-dbaf-4391-a959-c6e37d7ab913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mnypcydait2v", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3UpdraftPlus\u306b\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u3001\u653b\u6483\u8005\u306f\u7ba1\u7406\u8005\u306e\u6a29\u9650\u3067\u60aa\u610f\u306e\u3042\u308b\u30d7\u30e9\u30b0\u30a4\u30f3\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u30fb\u5b9f\u884c\u3067\u304d\u308b\u3002\nCVE-2026-10795 CVSS 8.1 | HIGH", "creation_timestamp": "2026-06-11T07:29:28.120044Z"}, {"uuid": "d0ddb552-31e2-42c2-88ed-73a8ad4ed118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10795", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnyperghfa25", "content": "UpdraftPlus WP Backup & Migration Plugin (\u22641.26.4): HIGH severity auth bypass lets attackers gain admin access & execute code. Restrict plugin access & monitor for suspicious remote activity. Await vendor patch. https://radar.offseq.com/threat/cve-2026-10795-cwe-347-improper-verification-of-cr-8f...", "creation_timestamp": "2026-06-11T07:30:29.108871Z"}, {"uuid": "92fc9bcd-4b96-4b55-a3f2-21cafee285fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10795", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116730299994175631", "content": "\u26a0\ufe0f HIGH severity: UpdraftPlus WP Backup & Migration Plugin (\u22641.26.4) vulnerable to auth bypass (CVE-2026-10795). Attackers can forge RPC commands & achieve RCE. Restrict access & monitor logs until a patch is available. https://radar.offseq.com/threat/cve-2026-10795-cwe-347-improper-verification-of-cr-8f1c77cc #OffSeq #WordPress #Vuln", "creation_timestamp": "2026-06-11T07:30:33.881391Z"}, {"uuid": "34206210-5794-47c3-bbaf-cd0693e9937a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mnys6ewjgy2w", "content": "CVE-2026-10795: bypass cr\u00edtico en UpdraftPlus (3M sitios)\n\n\u00bfTen\u00e9s UpdraftPlus activo? CVE-2026-10795 es un wordpress critical unauthenticated authentication bypass que expone 3M de sitios. Actualiz\u00e1 ya a 1.26.5\n\n#cve202610795 #updraftplus #authenticationbypass #wordpresssecurity #parcheurgente", "creation_timestamp": "2026-06-11T08:20:34.148122Z"}, {"uuid": "d7b237f8-b2a9-40d2-afbc-0648c6c437a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnywggso4j2y", "content": "CVE-2026-10795 - UpdraftPlus: WP Backup & Migration Plugin\nCVE ID : CVE-2026-10795\n \n Published : June 11, 2026, 7:16 a.m. | 1\u00a0hour, 47\u00a0minutes ago\n \n Description : The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in...", "creation_timestamp": "2026-06-11T09:36:39.171683Z"}, {"uuid": "55117bcf-e9f7-44bf-a545-202529fa8e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnz6hbl2ed2n", "content": "UpdraftPlus backup plugin leaks everything: backups, configs, databases. Auth bypass in all versions through 1.26.4. CVE-2026-10795, CVSS 8.1. Update immediately. Scan your WordPress site: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-06-11T12:00:17.135208Z"}, {"uuid": "b6fa068c-be91-40a4-8fa7-8bc997ee076f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mo2hl2aa5v26", "content": "CVE-2026-10795 updraftplus (CVSS Score 8.1) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept #updraftplus", "creation_timestamp": "2026-06-12T00:16:07.144002Z"}, {"uuid": "607d7208-5cfb-4699-8070-ec4becf366e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/fCG7WKzSZ3J5MxWk4q33cwgoeWrsZeYEI50sN5k5RlUMOc4", "content": "", "creation_timestamp": "2026-06-11T23:00:06.000000Z"}, {"uuid": "5a8ed900-56b2-4c00-b336-c10686b72527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3modadvsxiy2p", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-10795\n\n\u2022 CVE ID: CVE-2026-10795\n\u2022 CVSS Score: 8.1 (High)\n\u2022 Affected: Popular WordPress \n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-15T12:00:48.912357Z"}, {"uuid": "e64d4daa-c4b5-43d9-b8a5-7e7a13bef673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://gist.github.com/gnanet/0b305a2d339361a4d762a8fe497845be", "content": "Having faced a mystery, where wordpress/woocommerce shops went nuts, i found out i was  hit by the CVE-2026-10795\n\nIOC were:\n\n- Found an \"undeletable\" mu-plugin: `mu-plugins/turbo-watcher-x.php`\n- 2 plugins got lost: `w3-total-cache` and `woocommerce-german-market`\n- Found a new user admin_{HASH},or adm_{HASH} \n- any administrator who logged in, got automatically the same `session_tokens` additionally to it's own login\n\nSecondary IOC was inside `options` table\n\n```\nSELECT * FROM wp_options WHERE (LENGTH(option_name) = 12 AND option_name REGEXP '^[0-9a-f]+$') OR option_name like 'sc\\_%'\n```\n\nOne option_value was the key to above SQL conditions: `3.1.0|php.x-rehctaw-obrut`\n\nand an interesting option_key `sc_last_rpc` , with option_value `https://0xrpc.io/eth`\n\n\nI wanted to analyse the dropped PHP, tried lot online deobfuscators, but the biggest initial help was\n[reverse-php-malware](https://github.com/bediger4000/reverse-php-malware)\n\nIt helped me to undestand how the token collection was interpreted, how it choose values function names etc.\n\nI attached `dict-test.php` which contains an original string from the dropped-php in the comments, but running it is safe, because the re-write below the comments will only print out the obfuscated tokens/words/etc in cleartext.", "creation_timestamp": "2026-06-19T08:00:58.000000Z"}, {"uuid": "24ec3193-6341-428d-b6d8-9e2265d5db74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/bfOUhtYO5_knJKoj_if_OKxt7hZq78r0zHfwCUUuIAza2Gk", "content": "", "creation_timestamp": "2026-06-11T11:00:12.000000Z"}, {"uuid": "60e7898e-2f00-4570-adb2-faa74856cb70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/qE6f29_aVOJA4ORgQTQStDqLz7TqoxzfPbinGVmKV8o4EU8", "content": "", "creation_timestamp": "2026-06-11T15:00:13.000000Z"}, {"uuid": "562497c5-b23e-42e6-9d20-5142a13e60f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/P4OAF6tyxAIVXey_izy-TP1JEXG6oDmgsdsL3rMnBYotsT0", "content": "", "creation_timestamp": "2026-06-11T15:00:06.000000Z"}, {"uuid": "1760aece-cfa7-4269-bb27-6945bedac911", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/013f12c2-9644-4cbd-a79b-77116751fe2c", "content": "", "creation_timestamp": "2026-06-19T12:45:07.332041Z"}]}