{"vulnerability": "cve-2026-13001", "sightings": [{"uuid": "1b7684bf-8188-403a-9e44-d70869e74e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnd5rawin2v", "content": "CVE-2026-13001\nThe Podlove Podcast Publisher plugin for WordPress has a security issue that allows hackers to upload any type of file to your server without needing a password. This could potentially allow them to run\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T23:08:04.703470Z"}, {"uuid": "dcd65968-6850-47d2-beb1-dd5285b60657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqng36zng626", "content": "CVE-2026-13001. Podlove Podcast Publisher up to 4.5.1 lets anyone upload arbitrary files. No auth needed. 9.8/10 critical.\n\nYour wp-config exposed. Database dumps stolen. Shell uploaded.\n\nUpdate to 4.5.2 now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-15T00:00:30.257612Z"}, {"uuid": "9b85ae25-05f7-4771-9cf0-e883e48f5f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "https://bsky.app/profile/rpunkt.bsky.social/post/3mqo3pzfdlc2l", "content": "Alle #Podlove -Nutzenden unter WP sollten fix auf Version 4.5.2 aktualisieren.\n\nDas Update schlie\u00dft die kritische Sicherheitsl\u00fccke CVE-2026-13001, die unauthentifizierte Remote Code Execution \u00fcber den Image-Cache erm\u00f6glicht.\n\npodlove.org/blog/securit...", "creation_timestamp": "2026-07-15T06:27:48.208833Z"}, {"uuid": "76084529-b220-4457-9c30-b00a113949b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "https://bsky.app/profile/johnspurlock.com/post/3mqowbwzmjs23", "content": "\u2018Podlove Publisher 4.5.2 fixes CVE-2026-13001, a critical vulnerability in the image cache that could allow unauthenticated remote code execution on affected installations.\u2019\n\npodlove.org/blog/securit...", "creation_timestamp": "2026-07-15T14:23:06.701813Z"}, {"uuid": "be250ff5-845c-422f-90ed-ad62c122c3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93596", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-13001\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 19:39:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPodlove Podcast Publisher Unauthenticated File Upload RCE via is_image() vs extract_file_extension() Mismatch | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:05.051468Z"}, {"uuid": "c58ba4a0-dfae-41d1-9009-a6230b97ba14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "https://t.me/GithubRedTeam/93509", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-13001\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Raimu0x19\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 09:59:28\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:06.147614Z"}, {"uuid": "68234fe5-a11e-4ba7-859b-c2fcaf570a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "Telegram/WpvDvGjEvjgi59xQuSoP_dHZxaiY97yT2fZggdo6c2KwALA", "content": "", "creation_timestamp": "2026-07-16T19:00:06.728975Z"}, {"uuid": "a7c75a15-e5aa-4f44-b96b-d9ab64b220ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "Telegram/fnq-HCCIjbhzeI4TC1ixQu82pH2CpmWc72Tdnvx0IlMjFVI", "content": "", "creation_timestamp": "2026-07-16T19:00:04.527665Z"}, {"uuid": "0f83f01a-686a-4c21-8fd4-c38555ee886a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13001", "type": "seen", "source": "Telegram/aLUBIgd1oXw2vuhuFf6alCjtWAQyS8DwghI3-yppd5LMZjw", "content": "", "creation_timestamp": "2026-07-16T19:00:04.836793Z"}]}