ctipilot.ch

mySites.guru (Joomla/WordPress fleet security)

mysites-guru · B · candidate

https://mysites.guru/blog/

vulnsresearchlang: enfailures: 0last fetch: 2026-07-10

Joomla/WordPress fleet-management vendor whose research team discovers and reproduces third-party-extension file-upload-to-RCE zero-days ahead of CVE assignment; original disclosing party for the mid-2026 Joomla extension file-upload RCE wave (SP Page Builder, Page Builder CK, Balbooa Forms) and for CVE-2026-48939 (iCagenda, CISA-KEV 2026-07-10). ADDED as candidate 2026-07-10 (2009Z run), cited as published primary for the iCagenda entry; fetch via jina (`python3 tools/fetch_source.py jina https://mysites.guru/blog/<slug>/`). Promote to active after 3 contributing runs.

Cited in 3 entries

Citation cadence

Citation days per ISO week (1 weeks of coverage span, total 3).