ShapedPlugin supply-chain backdoor — duplicate CVE submission for CVE-2026-10735 (noted § 7)

cve · CVE-2026-49777

Coverage timeline

first 2026-06-23 → last 2026-06-23

Briefs

1 distinct

Sources cited

5 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-06-23CTI Daily Brief — 2026-06-23

Source distribution

bleepingcomputer.com1 (20%)
blog.gitea.com1 (20%)
isc.sans.edu1 (20%)
thehackernews.com1 (20%)
wordfence.com1 (20%)

External references

NVD · cve.org · CISA KEV

All cited sources (5)

wordfence.comprimaryinlineWordfence, 2026-06-22https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/
cited in 2026-06-23
bleepingcomputer.cominlineBleepingComputer, 2026-06-22https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/
source profile · cited in 2026-06-23
blog.gitea.cominlineGiteahttps://blog.gitea.com/release-of-1.26.3-and-1.26.4
cited in 2026-06-23
isc.sans.eduinlineSANS ISChttps://isc.sans.edu/diary/33094
source profile · cited in 2026-06-23
thehackernews.cominlineThe Hacker News, 2026-06-22https://thehackernews.com/2026/06/shapedplugin-wordpress-pro-plugins.html
cited in 2026-06-23

Items in briefs about ShapedPlugin supply-chain backdoor — duplicate CVE submission for CVE-2026-10735 (noted § 7)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.