xxconi/CVE-2026-6279 — reverse-engineered prompt

Build me a Python command line tool to help me check my own WordPress sites for CVE 2026 6279 in Avada Builder.

I want to enter one site or a text file of sites, even if the URLs are messy, and have the tool figure out the right protocol, look for signs of Avada Builder, find the public nonce if it exists, and safely verify whether the vulnerable widget AJAX flow is exposed. Please keep the check harmless, just enough to confirm risk, then show a clear result like vulnerable, not vulnerable, or could not verify.

Add a simple menu for single site mode and batch mode, let me choose thread count and an output file, and make the console output easy to read. Include install steps, required Python packages, example usage, and a strong warning that it’s only for sites I own or have permission to test.