{"vulnerability": "cve-2026-1424", "sightings": [{"uuid": "b1892980-8ac8-4455-945e-eaed7c28a4c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1424", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mdcxojebin2n", "content": "", "creation_timestamp": "2026-01-26T09:48:33.555982Z"}, {"uuid": "d982554d-0fff-43e4-a2e4-c7b8fd73c438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14241", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mpll52n3cs2g", "content": "\ud83d\udd17 CVE : CVE-2026-14241", "creation_timestamp": "2026-07-01T13:00:19.706855Z"}, {"uuid": "ee3bdcc4-1c42-4fbe-9f7a-f9714cafe6c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14241", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmtvpmq7z22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-14241 \u0432 Firefox 152.0.3: \u0443\u0433\u0440\u043e\u0437\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/9605C672-A91C-4BE1-B371-E071A94C6173", "creation_timestamp": "2026-07-02T01:09:56.986098Z"}, {"uuid": "9aba86ea-3439-4020-a044-c1ba8e5f80ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14241", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mpmtvqpdai2t", "content": "\u6df1\u5ea6\u89e3\u6790Firefox 152.0.3\u4e2d\u7684\u5185\u5b58\u5b89\u5168\u6f0f\u6d1e(CVE-2026-14241)\u53ca\u5176\u5f71\u54cd\n\n\n\nhttps://qian.cx/posts/402142C7-3D4B-4519-9B36-28EC6F65569B", "creation_timestamp": "2026-07-02T01:09:57.834986Z"}, {"uuid": "78f0790c-a806-430e-9fc9-f74a92629230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14249", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mpnbm4xwul2x", "content": "CVE-2026-14249 request-a-quote (CVSS Score 7.5) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-07-02T05:15:07.888356Z"}, {"uuid": "22df1b6d-6419-4cd8-a5c7-83efab791c71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpnkxsdjdo2q", "content": "CVE-2026-14249 - Request a Quote Form Plugin\nCVE ID : CVE-2026-14249\n \n Published : July 2, 2026, 5:35 a.m. | 2\u00a0hours, 11\u00a0minutes ago\n \n Description : The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_d...", "creation_timestamp": "2026-07-02T08:02:42.916872Z"}, {"uuid": "14a89e78-df57-4ec9-8790-739ea5288b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-14241", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1943", "content": "", "creation_timestamp": "2026-07-02T09:45:52.011434Z"}, {"uuid": "f98b2083-d4ec-4702-91bc-c5f5eb935e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14249", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpo7gur42d2a", "content": "CVE-2026-14249 - Code Injection in Request a Quote WordPress plugin \u22642.5.5. Attacker can execute arbitrary PHP functions via AJAX. CVSS 7.5. No patch available. Disable plugin immediately. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-14249/", "creation_timestamp": "2026-07-02T14:09:03.640917Z"}, {"uuid": "970b2b44-113f-4e36-a064-03386164ce08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14249", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpotfjfm5i2n", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-14249 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Request a Quote \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u043a\u043e\u0434\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/595A19D8-5B6A-44F4-8C62-26D36476C442", "creation_timestamp": "2026-07-02T20:06:12.775605Z"}, {"uuid": "74cb5465-edc6-4a32-be5f-91c1811881b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14249", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mprqwye3bz2c", "content": "CVE-2026-14249. Request a Quote plugin up to 2.5.5 lets anyone inject code via AJAX. CVSS 7.5. No patch available. Disable it now. Scan your site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-04T00:00:55.051090Z"}, {"uuid": "e7c3bb35-e103-4884-9318-66751fa3b039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14241", "type": "seen", "source": "https://bsky.app/profile/smit-artem.bsky.social/post/3mq357zds262j", "content": "Heads up: an important security fix just landed for Mozilla Firefox. Open its settings and let it update. A couple of taps now keeps your data safer. CVE-2026-14241", "creation_timestamp": "2026-07-07T17:34:03.461225Z"}, {"uuid": "54800ce9-6c90-413a-9500-30e1406853d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-14245", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116889198686002131", "content": "CVE-2026-14245: CRITICAL vuln in miniOrange OTP Login \u22645.5.1. Auth bypass allows admin takeover if Ultimate Member Password Reset Form is enabled. Disable that integration or enforce phone-only reset until patched. https://radar.offseq.com/threat/cve-2026-14245-cwe-862-missing-authorization-in-cy-f05bec899fe71393 #OffSeq #WordPress #Infosec #Vuln", "creation_timestamp": "2026-07-09T09:00:27.662063Z"}, {"uuid": "2184f5cb-a1e2-44fd-8d4d-9fc4bfdb9681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-14245", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq7bhkabxp24", "content": "miniOrange OTP Login \u22645.5.1 (WordPress) has a CRITICAL auth bypass flaw. Attackers can reset admin passwords if Ultimate Member Password Reset Form is active. Disable it or enforce phone-only resets. https://radar.offseq.com/threat/cve-2026-14245-cwe-862-missing-authorization-in-cy-f05bec899fe713...", "creation_timestamp": "2026-07-09T09:00:30.051053Z"}, {"uuid": "2e668db2-ac92-4310-9754-e33875b9eb05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14245", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqaoqsfiik27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-14245 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 miniOrange \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/2E745249-1E0A-4E82-95A4-78063EB6EE74", "creation_timestamp": "2026-07-09T22:30:57.833477Z"}, {"uuid": "463531c6-a655-49a7-9df6-11520892b363", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14245", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqatqkztdg2x", "content": "Your admin account. Gone. CVE-2026-14245 in miniOrange OTP Login lets attackers bypass authentication entirely and take over as admin. 9.8/10 critical. Update to 5.5.1. now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-10T00:00:19.304556Z"}]}