{"vulnerability": "cve-2026-4977", "sightings": [{"uuid": "f0f1e899-89db-4bc4-ba24-44a4de2873fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4977", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj4bhpid6y24", "content": "", "creation_timestamp": "2026-04-10T02:26:13.989466Z"}, {"uuid": "5a06b552-bbd4-40eb-bed8-627461cd71a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4977", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mjueyd5pfe2c", "content": "", "creation_timestamp": "2026-04-19T16:33:06.778059Z"}, {"uuid": "164ac8e8-2c47-4f8c-af5b-124b1d7f2751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49771", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnhhsw4byz2g", "content": "\ud83d\udfe0 CVE-2026-49771 - High (7.6)\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49771/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T10:59:58.333758Z"}, {"uuid": "d1349d10-53a9-4021-b4e2-0c086704868e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49771", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnhjhig4ny25", "content": "CVE-2026-49771 - WordPress Photo Gallery by 10Web plugin\nCVE ID : CVE-2026-49771\n \n Published : June 4, 2026, 10:16 a.m. | 16\u00a0minutes ago\n \n Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery ...", "creation_timestamp": "2026-06-04T11:29:20.211990Z"}, {"uuid": "df78543a-7a8d-48ce-b118-430051c96a7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjuxxgeko2l", "content": "\ud83d\udd34 CVE-2026-49777 - Critical (10)\n\nImproper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Sli...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49777/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T10:00:43.926971Z"}, {"uuid": "3bb668b4-b71e-4ed6-825e-ae9948531fee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjuxxgeko2l", "content": "\ud83d\udd34 CVE-2026-49777 - Critical (10)\n\nImproper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Sli...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49777/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T10:00:43.928042Z"}, {"uuid": "2310d8c6-1b3d-4df9-80ed-eb0e77b93d27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnjzonr2fv2d", "content": "CVE-2026-49777 - WordPress Product Slider Pro for WooCommerce plugin\nCVE ID : CVE-2026-49777\n \n Published : June 5, 2026, 9:16 a.m. | 1\u00a0hour, 58\u00a0minutes ago\n \n Description : Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pr...", "creation_timestamp": "2026-06-05T11:25:00.520270Z"}, {"uuid": "b276ae21-dda5-4813-a212-bf14f21d5053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnjzonr2fv2d", "content": "CVE-2026-49777 - WordPress Product Slider Pro for WooCommerce plugin\nCVE ID : CVE-2026-49777\n \n Published : June 5, 2026, 9:16 a.m. | 1\u00a0hour, 58\u00a0minutes ago\n \n Description : Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pr...", "creation_timestamp": "2026-06-05T11:25:00.509228Z"}, {"uuid": "3d010881-e471-4f85-bd65-7ebd37af25a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-49777.yaml", "content": "", "creation_timestamp": "2026-06-09T06:22:37.000000Z"}, {"uuid": "5aae8446-30c5-4501-af57-0e07fb1ab743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49776", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mod2iseygx2o", "content": "CVE-2026-49776 gptranslate (CVSS Score 7.5) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T10:16:11.078930Z"}, {"uuid": "4f49e732-a82e-4f71-945a-cd257c404f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49774", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3modb7hjj4b2p", "content": "CVE-2026-49774 integracao-rd-station (CVSS Score 8.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T12:16:13.622180Z"}, {"uuid": "00e170a9-1cb1-48c0-a861-56bd0f55930c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49770", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3modeknoxnr2b", "content": "CVE-2026-49770 wp-travel-engine (CVSS Score 8.1) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T13:16:10.804912Z"}, {"uuid": "a1d07c84-528e-471c-993e-086f4acba626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49771", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3modlbabs5v26", "content": "CVE-2026-49771 photo-gallery (CVSS Score 6.5) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T15:16:11.089186Z"}, {"uuid": "ba2a60fd-5483-4930-8a47-0ecd7d010885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49775", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3modomnbtv62o", "content": "CVE-2026-49775 usc-e-shop (CVSS Score 5.3) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T16:16:15.227820Z"}, {"uuid": "42e54d8f-bd18-442c-81d9-3c4d7f345dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49775", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3modon74ty22f", "content": "CVE-2026-49775 usc-e-shop (CVSS Score 5.3) \n\n#WordPress plugin #vulnerability #potatosecurity #wordpressfirewall #mashing #wpsecurity #atomicedge #potatosecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T16:16:33.042677Z"}, {"uuid": "c40b3ab2-4429-4dbd-b7e5-740dfe50c1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49773", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3modrxqljzx2y", "content": "CVE-2026-49773 fv-wordpress-flowplayer (CVSS Score 6.4) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T17:16:08.483194Z"}, {"uuid": "602272de-ce9e-4ae3-8362-3a7c6ddade64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49778", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3modyoehafq2d", "content": "CVE-2026-49778 wpfunnels-pro (CVSS Score 7.2) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T19:16:10.696429Z"}, {"uuid": "3e61c7d3-c8f3-424d-8f25-3e263a5b3ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49778", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3modzcxu4oj2p", "content": "CVE-2026-49778 wpfunnels-pro (CVSS Score 7.2) \n\n#WordPress plugin #vulnerability #potatosecurity #wordpressfirewall #mashing #wpsecurity #atomicedge #potatosecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T19:27:41.344951Z"}, {"uuid": "b1f4353e-cfa6-4b13-a5ff-6c0a2143569e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49770", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moea74g52u2m", "content": "CVE-2026-49770 - WordPress WP Travel Engine plugin\nCVE ID : CVE-2026-49770\n \n Published : June 15, 2026, 8:19 p.m. | 49\u00a0minutes ago\n \n Description : Unauthenticated PHP Object Injection in WP Travel Engine &lt;= 6.7.12 versions.\n \n Severity: 9.8 | CRITICAL\n \n Visit the link fo...", "creation_timestamp": "2026-06-15T21:30:47.803822Z"}, {"uuid": "6b7b29cb-b980-4164-8b79-bd31f50de8a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moeajewr3o2h", "content": "CVE-2026-49776 - WordPress GPTranslate \u2013 Multilingual AI Translation for WordPress: Automatically Translate Websites plugin\nCVE ID : CVE-2026-49776\n \n Published : June 15, 2026, 8:19 p.m. | 49\u00a0minutes ago\n \n Description : Unauthenticated SQL Injection in GPTranslate \u2013 Multilin...", "creation_timestamp": "2026-06-15T21:36:46.175087Z"}, {"uuid": "8bdbd073-e8d2-430f-aaa3-e1f0dfe4b0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49770", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moelwyhvb224", "content": "\ud83d\udd34 CVE-2026-49770 - Critical (9.8)\n\nUnauthenticated PHP Object Injection in WP Travel Engine &lt;= 6.7.12 versions.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49770/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T01:01:01.627754Z"}, {"uuid": "f4701f13-cabd-4412-b2dc-ec4fdc9208ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49776", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moelx7tflz2o", "content": "\ud83d\udd34 CVE-2026-49776 - Critical (9.3)\n\nUnauthenticated SQL Injection in GPTranslate \u2013 Multilingual AI Translation for WordPress: Autom...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49776/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T01:01:09.022662Z"}, {"uuid": "eda3282e-1d9c-40bb-8056-9f879faf7e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49772", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mofu6j6ze72f", "content": "\ud83d\udd34 CVE-2026-49772 - Critical (9.3)\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49772/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T13:01:19.567952Z"}, {"uuid": "83e039b9-afc1-4298-8b9e-7196b31ec2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mofvcmldvk2g", "content": "CVE-2026-49774 - WordPress RD Station plugin\nCVE ID : CVE-2026-49774\n \n Published : June 16, 2026, 10:16 a.m. | 2\u00a0hours, 52\u00a0minutes ago\n \n Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusi...", "creation_timestamp": "2026-06-16T13:21:13.633416Z"}, {"uuid": "17e840fc-6c3c-4f34-916d-646be8ccf79c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49772", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mofw7xjz7z2v", "content": "CVE-2026-49772 - WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability\nCVE ID : CVE-2026-49772\n \n Published : June 16, 2026, 10:16 a.m. | 2\u00a0hours, 52\u00a0minutes ago\n \n Description : Improper Neutralization of Special Elements used in an SQL Command ('S...", "creation_timestamp": "2026-06-16T13:37:38.647123Z"}, {"uuid": "d1c0b124-02ad-49e8-bfb1-c770a0daae24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49774", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mofxjdokqq24", "content": "\ud83d\udd34 CVE-2026-49774 - Critical (9.9)\n\nImproper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49774/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T14:00:47.523766Z"}, {"uuid": "3daefcaa-9bee-45dd-907e-15aa92b3cf70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "published-proof-of-concept", "source": "Telegram/ycLXaxSGB-_ldONYQWC7S6J3lanIcH0nsjxJAaBzeM5ug0Y", "content": "", "creation_timestamp": "2026-06-12T15:00:07.000000Z"}, {"uuid": "fa821d72-becd-48ca-9735-295a84293343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "published-proof-of-concept", "source": "Telegram/YXCyRYfB5puG4zVuSsqFt0CqpucG34vnwOdsG1DKfw8sOUE", "content": "", "creation_timestamp": "2026-06-12T11:00:12.000000Z"}, {"uuid": "7777e37f-d400-42b0-9528-7248b0175bd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mozt5rdk5i2u", "content": "\ud83d\udea8 BREAKING\n\nThe free WordPress plugin was clean.\n\nThe paid update is what backdoored the site.\n\nShapedPlugin Pro updates stole admin logins and your 2FA seeds. A password reset will not clear it. (CVE-2026-49777)", "creation_timestamp": "2026-06-24T11:35:58.739505Z"}, {"uuid": "33f292e5-2b2f-4cdf-926a-fefc0b2453a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88459", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49777\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a izxci\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-12 08:28:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-12T07:00:04.928785Z"}, {"uuid": "5a8a9e5d-841a-43e5-a999-fb4e5b98e998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88459", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49777\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a izxci\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-12 08:28:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T00:00:50.218557Z"}, {"uuid": "f53be6d8-39f5-46a8-82a9-6a2b4fa783cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://t.me/true_secator/8322", "content": "\u0410\u0442\u0430\u043a\u0430 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 ShapedPlugin, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 \u0434\u043b\u044f WordPress, \u0438\u043c\u0435\u044e\u0449\u0435\u0433\u043e \u0431\u043e\u043b\u0435\u0435 400 000 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u0441\u0432\u043e\u0438\u0445 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u044f\u0445. \u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 \u0441 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u043e\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0430\u0439\u0442\u0430\u043c, \u043f\u043e\u0445\u0438\u0449\u0430\u043b\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u044b 2FA, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0410\u0442\u0430\u043a\u0443 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Wordfence \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 11 \u0438\u044e\u043d\u044f 2026 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f ShapedPlugin, \u0432\u043d\u0435\u0434\u0440\u044f\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043f\u0430\u043a\u0435\u0442\u044b \u043f\u043b\u0430\u0442\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u043c\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 Easy Digital Downloads (EDD) \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430.\n\nShapedPlugin \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0438 \u0433\u043e\u0442\u043e\u0432\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u043f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\nWordfence \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u043e\u043f\u0438\u0438 Real Testimonials Pro \u0432\u0435\u0440\u0441\u0438\u0438 3.2.5 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f ShapedPlugin \u0435\u0449\u0435 12 \u0438\u044e\u043d\u044f. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u0441\u0432\u044f\u0437\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0443 \u0441 Product Slider Pro \u0434\u043b\u044f WooCommerce \u0438 Smart Post Pro.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0444\u0430\u0439\u043b LicenseLoader.php, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0441\u044f \u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043d\u0435\u043b\u0438 WordPress. \u0417\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u043b\u0441\u044f \u0441 C2 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 194.76.217.28:2871, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b \u0435\u0451 \u043a\u0430\u043a \u0444\u0435\u0439\u043a\u043e\u0432\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d, \u0441\u043e\u043e\u0431\u0449\u0430\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0434\u043e\u043c\u0435\u043d \u0436\u0435\u0440\u0442\u0432\u044b, \u0430 \u0437\u0430\u0442\u0435\u043c \u0443\u0434\u0430\u043b\u044f\u043b \u0441\u0435\u0431\u044f, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u0438\u0442\u044c \u043a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u043e\u0434 \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u0441 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f\u043c\u0438 woocommerce-subscription \u0438\u043b\u0438 woocommerce-notification, \u0438\u043c\u0438\u0442\u0438\u0440\u0443\u044f \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f WooCommerce.\n\n\u041e\u043d\u0430 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0432 \u0441\u0435\u0431\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 Tiny File Manager 2.6, Adminer 5.2.1, \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443, \u0431\u044d\u043a\u0434\u043e\u0440 \u0434\u043b\u044f REST API, \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u043b\u0430 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 WordPress \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043c\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u0441\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 cookie, IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u0438 \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0422\u0430\u043a\u0436\u0435 \u0446\u0435\u043b\u044c\u044e \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u044b\u0435 TOTP-\u043a\u043e\u0434\u044b, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 WordPress, \u0432\u043a\u043b\u044e\u0447\u0430\u044f WP 2FA, Wordfence Login Security, Really Simple SSL 2FA \u0438 Two-Factor. \u0423\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 generate.2faplugin.org.\n\nWordfence \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u0438\u043c\u0435\u044e\u0449\u0438\u0435\u0441\u044f \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u0430 \u0441\u0431\u043e\u0440\u043a\u0438 ShapedPlugin, \u0430 \u043d\u0435 \u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u043e\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0437\u0430 \u0434\u0432\u0443\u0445\u0447\u0430\u0441\u043e\u0432\u043e\u0439 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u043a 21 \u043c\u0430\u044f 2026 \u0433\u043e\u0434\u0430 \u0431\u044b\u043b\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043e \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0442\u044b\u0440\u0435 \u0444\u0430\u0439\u043b\u0430, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0447\u0430\u0441\u0442\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 Git \u0432 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0441\u0445\u0435\u043c\u0430\u0445 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0440\u0430\u0431\u043e\u0447\u0438\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c \u0432\u044b\u043f\u0443\u0441\u043a\u0430 ShapedPlugin.\n\n\u041f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u043c\u0435\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u0430\u043a \u043a \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u043c, \u0442\u0430\u043a \u0438 \u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f, \u043d\u043e \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e \u0432\u043d\u0435\u0434\u0440\u044f\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0432 \u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0446\u0435\u043d\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432.\n\n\u0411\u043e\u043b\u0435\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-10735, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a Product Slider Pro \u0440\u0430\u043d\u0435\u0435 \u0431\u044b\u043b \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d \u043a\u0430\u043a CVE-2026-49777.\n\nWordfence \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u043b\u0430\u0442\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 ShapedPlugin \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0430\u043f\u0440\u0435\u043b\u044f \u043f\u043e \u0438\u044e\u043d\u044c 2026 \u0433\u043e\u0434\u0430, \u0438\u0441\u0445\u043e\u0434\u0438\u0442\u044c \u0438\u0437 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0438\u0445 \u0441\u0430\u0439\u0442 \u043c\u043e\u0433 \u0431\u044b\u0442\u044c \u0432\u0437\u043b\u043e\u043c\u0430\u043d.\n\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e, \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438, \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 WordPress, \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, SMTP \u0438 API, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u043d\u043e\u0432\u043e \u0432\u0441\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b 2Fa.", "creation_timestamp": "2026-07-13T13:00:07.983723Z"}, {"uuid": "98663de0-a32d-4ca2-ab04-899fb5095e93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://t.me/GithubRedTeam/92427", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49777-WooCommerce-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a amnsecurity\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-08 00:15:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC &amp; Analysis | CVSS 10.0 CRITICAL | AMN SECURITY\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:09.848977Z"}, {"uuid": "8bf18db1-1f7b-4599-91ca-feb9e3875e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49772", "type": "seen", "source": "https://t.me/GithubRedTeam/90164", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49772\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a joshuavanderpoll\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-22 21:07:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49772 \u2014 The Events Calendar (WordPress) unauthenticated blind SQLi PoC\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:21.092715Z"}, {"uuid": "b59142dd-a758-443e-b539-8a07a1545e2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "seen", "source": "https://t.me/GithubRedTeam/92427", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49777-WooCommerce-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a amnsecurity\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-08 00:15:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC &amp; Analysis | CVSS 10.0 CRITICAL | AMN SECURITY\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:18.463241Z"}, {"uuid": "2d899cec-c9b6-4f73-8f4a-53a20b989316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49772", "type": "seen", "source": "https://t.me/GithubRedTeam/90164", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49772\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a joshuavanderpoll\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-22 21:07:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49772 \u2014 The Events Calendar (WordPress) unauthenticated blind SQLi PoC\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:37.057611Z"}, {"uuid": "3b921c55-8e14-42d7-a200-b4c7437d947d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "exploited", "source": "https://t.me/true_secator/8322", "content": "\u0410\u0442\u0430\u043a\u0430 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 ShapedPlugin, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 \u0434\u043b\u044f WordPress, \u0438\u043c\u0435\u044e\u0449\u0435\u0433\u043e \u0431\u043e\u043b\u0435\u0435 400 000 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u0441\u0432\u043e\u0438\u0445 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u044f\u0445. \u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 \u0441 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u043e\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0430\u0439\u0442\u0430\u043c, \u043f\u043e\u0445\u0438\u0449\u0430\u043b\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u044b 2FA, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0410\u0442\u0430\u043a\u0443 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Wordfence \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 11 \u0438\u044e\u043d\u044f 2026 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f ShapedPlugin, \u0432\u043d\u0435\u0434\u0440\u044f\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043f\u0430\u043a\u0435\u0442\u044b \u043f\u043b\u0430\u0442\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u043c\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 Easy Digital Downloads (EDD) \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430.\n\nShapedPlugin \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0438 \u0433\u043e\u0442\u043e\u0432\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u043f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\nWordfence \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u043e\u043f\u0438\u0438 Real Testimonials Pro \u0432\u0435\u0440\u0441\u0438\u0438 3.2.5 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f ShapedPlugin \u0435\u0449\u0435 12 \u0438\u044e\u043d\u044f. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u0441\u0432\u044f\u0437\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0443 \u0441 Product Slider Pro \u0434\u043b\u044f WooCommerce \u0438 Smart Post Pro.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0444\u0430\u0439\u043b LicenseLoader.php, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0441\u044f \u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043d\u0435\u043b\u0438 WordPress. \u0417\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u043b\u0441\u044f \u0441 C2 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 194.76.217.28:2871, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b \u0435\u0451 \u043a\u0430\u043a \u0444\u0435\u0439\u043a\u043e\u0432\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d, \u0441\u043e\u043e\u0431\u0449\u0430\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0434\u043e\u043c\u0435\u043d \u0436\u0435\u0440\u0442\u0432\u044b, \u0430 \u0437\u0430\u0442\u0435\u043c \u0443\u0434\u0430\u043b\u044f\u043b \u0441\u0435\u0431\u044f, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u0438\u0442\u044c \u043a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u043e\u0434 \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u0441 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f\u043c\u0438 woocommerce-subscription \u0438\u043b\u0438 woocommerce-notification, \u0438\u043c\u0438\u0442\u0438\u0440\u0443\u044f \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f WooCommerce.\n\n\u041e\u043d\u0430 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0432 \u0441\u0435\u0431\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 Tiny File Manager 2.6, Adminer 5.2.1, \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443, \u0431\u044d\u043a\u0434\u043e\u0440 \u0434\u043b\u044f REST API, \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u043b\u0430 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 WordPress \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043c\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u0441\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 cookie, IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u0438 \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0422\u0430\u043a\u0436\u0435 \u0446\u0435\u043b\u044c\u044e \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u044b\u0435 TOTP-\u043a\u043e\u0434\u044b, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 WordPress, \u0432\u043a\u043b\u044e\u0447\u0430\u044f WP 2FA, Wordfence Login Security, Really Simple SSL 2FA \u0438 Two-Factor. \u0423\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 generate.2faplugin.org.\n\nWordfence \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u0438\u043c\u0435\u044e\u0449\u0438\u0435\u0441\u044f \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u0430 \u0441\u0431\u043e\u0440\u043a\u0438 ShapedPlugin, \u0430 \u043d\u0435 \u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u043e\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0437\u0430 \u0434\u0432\u0443\u0445\u0447\u0430\u0441\u043e\u0432\u043e\u0439 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u043a 21 \u043c\u0430\u044f 2026 \u0433\u043e\u0434\u0430 \u0431\u044b\u043b\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043e \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0442\u044b\u0440\u0435 \u0444\u0430\u0439\u043b\u0430, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0447\u0430\u0441\u0442\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 Git \u0432 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0441\u0445\u0435\u043c\u0430\u0445 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0440\u0430\u0431\u043e\u0447\u0438\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c \u0432\u044b\u043f\u0443\u0441\u043a\u0430 ShapedPlugin.\n\n\u041f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u043c\u0435\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u0430\u043a \u043a \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u043c, \u0442\u0430\u043a \u0438 \u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f, \u043d\u043e \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e \u0432\u043d\u0435\u0434\u0440\u044f\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0432 \u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0446\u0435\u043d\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432.\n\n\u0411\u043e\u043b\u0435\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-10735, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a Product Slider Pro \u0440\u0430\u043d\u0435\u0435 \u0431\u044b\u043b \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d \u043a\u0430\u043a CVE-2026-49777.\n\nWordfence \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u043b\u0430\u0442\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 ShapedPlugin \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0430\u043f\u0440\u0435\u043b\u044f \u043f\u043e \u0438\u044e\u043d\u044c 2026 \u0433\u043e\u0434\u0430, \u0438\u0441\u0445\u043e\u0434\u0438\u0442\u044c \u0438\u0437 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0438\u0445 \u0441\u0430\u0439\u0442 \u043c\u043e\u0433 \u0431\u044b\u0442\u044c \u0432\u0437\u043b\u043e\u043c\u0430\u043d.\n\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e, \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438, \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 WordPress, \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, SMTP \u0438 API, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u043d\u043e\u0432\u043e \u0432\u0441\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b 2Fa.", "creation_timestamp": "2026-07-14T00:00:43.786479Z"}, {"uuid": "0995ebe9-3f74-43a0-a760-7aed86a907a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49772", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/90164", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49772\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a joshuavanderpoll\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-22 21:07:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49772 \u2014 The Events Calendar (WordPress) unauthenticated blind SQLi PoC\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:19.486967Z"}, {"uuid": "f56550e8-b863-4fca-a62a-30cd9f3bc8c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49777", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92427", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49777-WooCommerce-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a amnsecurity\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-08 00:15:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC &amp; Analysis | CVSS 10.0 CRITICAL | AMN SECURITY\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:32.300821Z"}]}