orbit-cve-check
Install: `claude install-skill adityaarsharma/orbit`
# 🪐 orbit-cve-check — Live CVE feed correlation
> **Runtime-evergreen.** Every invocation fetches the current security feeds. The plugin's findings cite the exact feed timestamp.
---
## Runtime — fetch live before auditing (DO THIS FIRST)
When this skill is invoked:
1. **Fetch in parallel** (5 sources, parallel WebFetch):
   - `https://services.nvd.nist.gov/rest/json/cves/2.0/?resultsPerPage=100&pubStartDate=<7-days-ago>&keywordSearch=wordpress` → NVD WordPress CVEs, last 7 days
   - `https://patchstack.com/database/?type=wordpress` → Patchstack public DB, current
   - `https://wpscan.com/wordpresses` → WPScan public feed
   - `https://www.cve.org/CVERecord/SearchResults?query=wordpress` → MITRE CVE search
   - `https://github.com/advisories?query=type%3Areviewed+ecosystem%3Acomposer+wordpress` → GitHub Advisory DB
2. **Normalise** — extract from each feed:
   - CVE ID
   - Affected pattern (regex on PHP code)
   - Severity (CVSS score)
   - First-disclosed date
   - Public PoC URL (if any)
   - Affected plugin name (where matched)
3. **De-duplicate** across sources — same CVE often appears in multiple feeds.
4. **Cross-reference** the plugin's source code against every pattern.
5. **Report** with citation — `Per NVD CVE-2026-XXXXX (fetched 2026-04-30 14:32 UTC, severity 9.8): pattern matched at includes/class-search.php:142.`
If any feed fetch fails, log the failure and continue with the rest. If ALL fail, fall back to the embedded patterns and warn the user that the audit is degraded.

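
Steps 2 to 5 and the fallback rule as an added Python example; it is not the skill's own code. The record layout, the CVE IDs, the `EMBEDDED` fallback list and the function names `merge_feeds` and `audit` are assumptions, and the fetch step is replaced by constructed records so that it runs offline.

```python
import re

# Constructed fallback list (hypothetical id); used only when every feed fetch fails.
EMBEDDED = [{"cve": "EMBEDDED-0001", "severity": 0.0, "disclosed": "1970-01-01",
             "pattern": r"\$wpdb->query\(.*\$_(GET|POST)", "sources": ["embedded"]}]

def merge_feeds(results):
    """results maps source -> normalised records, or None when that fetch failed.
    Returns (records de-duplicated by CVE ID, failed sources, degraded flag)."""
    merged, failed = {}, []
    for source, records in results.items():
        if records is None:
            failed.append(source)  # log and continue with the rest
            continue
        for r in records:
            key = r["cve"].upper()
            cur = merged.setdefault(key, {**r, "cve": key, "sources": []})
            cur["sources"].append(source)
            cur["severity"] = max(cur["severity"], r["severity"])      # keep the worst score
            cur["disclosed"] = min(cur["disclosed"], r["disclosed"])   # keep the earliest date
            cur["pattern"] = cur["pattern"] or r["pattern"]
    degraded = len(failed) == len(results)  # every feed failed: audit is degraded
    return (EMBEDDED if degraded else list(merged.values())), failed, degraded

def audit(files, records, fetched_at):
    """files maps path -> PHP source. Returns citation lines, most severe first."""
    findings = []
    for rec in sorted(records, key=lambda r: -r["severity"]):
        try:  # feed data is untrusted: skip a missing or malformed pattern
            rx = re.compile(rec["pattern"])
        except (re.error, TypeError):
            continue
        for path, src in files.items():
            for n, line in enumerate(src.splitlines(), 1):
                if rx.search(line):  # `re` has no timeout; bound input size in production
                    findings.append(
                        f"Per {'/'.join(rec['sources'])} {rec['cve']} (fetched {fetched_at}, "
                        f"severity {rec['severity']}): pattern matched at {path}:{n}.")
    return findings

# Constructed sample input: records, CVE IDs and PHP source are invented for illustration.
FEEDS = {
    "NVD": [{"cve": "CVE-0000-0001", "severity": 9.8, "disclosed": "2026-04-28",
             "pattern": r"\$wpdb->query\(.*\$_GET"}],
    "Patchstack": [{"cve": "cve-0000-0001", "severity": 8.8, "disclosed": "2026-04-27", "pattern": None},
                   {"cve": "CVE-0000-0002", "severity": 5.3, "disclosed": "2026-04-29", "pattern": "unserialize(("}],
    "WPScan": None}  # simulated fetch failure
PHP = {"includes/class-search.php":
       "<?php\n$q = $_GET['s'];\n$wpdb->query(\"SELECT * FROM t WHERE n='\" . $_GET['s'] . \"'\");\n"}
```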
---
## What g