{"vulnerability": "cve-2026-1241", "sightings": [{"uuid": "4ef90b16-4b83-4258-bea1-34b2dea33c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1241", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-02", "content": "", "creation_timestamp": "2026-02-26T11:00:00.000000Z"}, {"uuid": "997c39e0-7f0d-4212-8c20-eb2727d868eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1241", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mfs3bb2wv72e", "content": "", "creation_timestamp": "2026-02-26T20:53:06.768172Z"}, {"uuid": "49ef8263-b216-46d7-9c51-bad1bfa7c870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12412", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mogfpt234u2l", "content": "CVE-2026-12412 - Rejected reason: loading template...\nCVE ID : CVE-2026-12412\n \n Published : June 16, 2026, 5:16 p.m. | 15\u00a0minutes ago\n \n Description : Rejected reason: loading template...\n \n Severity: 0.0 | NA\n \n Visit the link for more details, such as CVSS details, affected...", "creation_timestamp": "2026-06-16T18:14:56.571058Z"}, {"uuid": "9de54a67-318a-417f-a642-327c8f82177d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12416", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mozhayscl62p", "content": "\ud83d\udea8  ALERT: CVE-2026-12416\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the `pravel_invoice_change_password()` function being registered as a nopriv AJAX handler w", "creation_timestamp": "2026-06-24T08:03:01.959049Z"}, {"uuid": "80dbb9ad-b4d5-475b-906d-6d80af5b91ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12417", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mozhba5qeo2p", "content": "\ud83d\udea8  ALERT: CVE-2026-12417\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe SignUp &amp; SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the `pravel_change_password()` AJAX handler \u2014 re", "creation_timestamp": "2026-06-24T08:03:09.426535Z"}, {"uuid": "29559828-808c-41a1-be28-856ae92f77d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12416", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116804264395356312", "content": "CRITICAL (CVSS 9.8): CVE-2026-12416 impacts pravel Invoice Generator \u22641.0.0. Weak password reset lets unauthenticated attackers reset any user\u2019s password, including admins. Restrict access or disable plugin. https://radar.offseq.com/threat/cve-2026-12416-cwe-640-weak-password-recovery-mech-e09858a3967d35a9 #OffSeq #WordPress #CVE #infosec", "creation_timestamp": "2026-06-24T09:00:33.231658Z"}, {"uuid": "3a02cb2f-49eb-4479-9def-693fa085b0b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12416", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mozkhv3zkr2g", "content": "CRITICAL: pravel Invoice Generator \u22641.0.0 lets unauthenticated attackers reset any user password \u2014 including admins \u2014 via a broken password reset. Restrict access or disable plugin now. https://radar.offseq.com/threat/cve-2026-12416-cwe-640-weak-password-recovery-mech-e09858a3967d35a9 #OffSeq #Wo...", "creation_timestamp": "2026-06-24T09:00:35.088542Z"}, {"uuid": "0c9bcfab-62d5-404a-a6e4-0bf9b78e80e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12417", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mozpiorzoj2l", "content": "pravel SignUp &amp; SignIn \u22641.0.0 hit by CRITICAL vuln: attackers can reset any WP user password (CVE-2026-12417). Remove/disable plugin until official patch. https://radar.offseq.com/threat/cve-2026-12417-cwe-640-weak-password-recovery-mech-5dce018195eb2855 #OffSeq #WordPress #Vulnerability", "creation_timestamp": "2026-06-24T10:30:30.368738Z"}, {"uuid": "4d433dec-56f1-4206-a5df-83e4ee4fa462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12417", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116804618000067132", "content": "pravel SignUp &amp; SignIn (&lt;=1.0.0) has a CRITICAL flaw (CVE-2026-12417): unauthenticated attackers can reset any WordPress user password, including admins. Remove or disable plugin until patch. https://radar.offseq.com/threat/cve-2026-12417-cwe-640-weak-password-recovery-mech-5dce018195eb2855 #OffSeq #WordPress #Vuln #CVE202612417", "creation_timestamp": "2026-06-24T10:30:38.144106Z"}, {"uuid": "3bc45a75-f786-49fe-b29b-b43f5975b5b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12417", "type": "seen", "source": "https://bsky.app/profile/packetstorm.bsky.social/post/3mp2pnt4lkq2h", "content": "CVE-2026-12417 / CVE-2026-12416 Mass Scanner https://packetstorm.news/files/224205 #exploit", "creation_timestamp": "2026-06-24T20:06:02.149028Z"}, {"uuid": "cdf7c774-b3bb-443b-8f08-48654fa0f9c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12416", "type": "seen", "source": "https://bsky.app/profile/packetstorm.bsky.social/post/3mp2pnt4lkq2h", "content": "CVE-2026-12417 / CVE-2026-12416 Mass Scanner https://packetstorm.news/files/224205 #exploit", "creation_timestamp": "2026-06-24T20:06:02.182374Z"}, {"uuid": "a9fef3b4-3acc-44e1-b15a-387961a993d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12416", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mp3v3zdjzx2w", "content": "CVE-2026-12416 invoice-creator (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-25T07:16:06.878958Z"}, {"uuid": "5e47dc6c-0b29-4adb-b61c-b8d3368acdea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12417", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mp43tidtos26", "content": "CVE-2026-12417 signup-signin (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-25T09:16:36.545366Z"}, {"uuid": "8316d94e-ad7d-4d2f-998a-6bb5b3b9d6de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12411", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7pzez34222", "content": "CVE-2026-12411 - Broken Access Control in Canonical LXD DevLXD API\nCVE ID : CVE-2026-12411\n \n Published : June 26, 2026, 3:27 p.m. | 3\u00a0hours, 43\u00a0minutes ago\n \n Description : Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted ...", "creation_timestamp": "2026-06-26T19:55:48.342685Z"}, {"uuid": "a81aa25f-79da-4bb8-9853-5743340d865e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12415", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mparsjsyrw2u", "content": "CRITICAL: pravel Invoice Generator \u22641.0.0 lets unauthenticated attackers hijack any WordPress account \u2014 incl. admins \u2014 via exposed AJAX. Disable plugin or block pravel_invoice_edit_account() now. https://radar.offseq.com/threat/cve-2026-12415-cwe-269-improper-privilege-manageme-3c4b296b228a674f #...", "creation_timestamp": "2026-06-27T06:00:26.237747Z"}, {"uuid": "44caef33-7d96-4393-9a19-849a5d4e67af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpassotsjd2s", "content": "CVE-2026-12415 - Invoice Generator\nCVE ID : CVE-2026-12415\n \n Published : June 27, 2026, 4:30 a.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice...", "creation_timestamp": "2026-06-27T06:18:24.840931Z"}, {"uuid": "c32b69ef-05bc-4f30-a86e-67d7e387218b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mpat6tjh6z2g", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cInvoice Generator\u300d\uff08v1.0.0\u307e\u3067\uff09\u3067\u3001\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\u3002\u653b\u6483\u8005\u306f\u4efb\u610f\u306e\u30e6\u30fc\u30b6\u30fc\uff08\u7ba1\u7406\u8005\u542b\u3080\uff09\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4e57\u3063\u53d6\u308b\u3053\u3068\u304c\u53ef\u2026\nCVE-2026-12415 CVSS 9.8 | CRITICAL", "creation_timestamp": "2026-06-27T06:25:12.707889Z"}, {"uuid": "ee686b89-94a2-4553-890d-9b0fddd4f6fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mpbniwrmxv2i", "content": "CVE-2026-12415 invoice-creator (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-27T14:16:09.060758Z"}, {"uuid": "0cf453f4-6f34-4a3d-a4e5-2908721ba4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpbpylejhg2g", "content": "\ud83d\udd34 CVE-2026-12415 - Critical (9.8)\n\nThe Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-12415/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-27T15:00:41.658070Z"}, {"uuid": "149f7e46-3d67-4afd-8bbe-28948de6db3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph7m2c4ry25", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12415 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Invoice Generator \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/18B86939-6C43-42AB-A5D1-49A9F0CBBF44", "creation_timestamp": "2026-06-29T19:23:18.779818Z"}, {"uuid": "a21a9d9a-2bb5-4fe6-b33a-1d6c300394de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12415", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mph7ma7npb2k", "content": "WordPress\u63d2\u4ef6\u6f0f\u6d1e\u8b66\u544a:Invoice Generator\u63d2\u4ef6\u5b58\u5728\u7279\u6743\u63d0\u5347\u98ce\u9669(CVE-2026-12415)\n\n\n\nhttps://qian.cx/posts/A4E57BE2-D7D8-4BFF-933F-561D57FB07E8", "creation_timestamp": "2026-06-29T19:23:25.198379Z"}, {"uuid": "e6438667-67ec-4622-b520-a9970c70f385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12413", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mppi45ff522f", "content": "Libreswan\u306eIKEv2\u51e6\u7406\u3067\u3001\u4e0d\u6b63\u306a\u30d5\u30e9\u30b0\u30e1\u30f3\u30c8\u306b\u3088\u308a\u30c7\u30fc\u30e2\u30f3\u304c\u30af\u30e9\u30c3\u30b7\u30e5\u3057\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002 fragmentation=no\u8a2d\u5b9a\u304c\u306a\u3044IKEv2\u63a5\u7d9a\u304c\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3002\nCVE-2026-12413 CVSS 7.5 | HIGH", "creation_timestamp": "2026-07-03T02:16:46.770484Z"}, {"uuid": "0ece80b7-4399-4f91-aa10-2a1801e0f9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12413", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpr4cchqyt2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12413 \u0432 Libreswan: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/1DD2CF84-1B21-498F-9C48-AD2E257F1F77", "creation_timestamp": "2026-07-03T17:50:48.589862Z"}]}