CyberRota
← Ana sayfaya dön

CVE-2026-8441

HIGH · CVSS 7.5 EPSS %0.37

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-02T10:16:28.617 · Çekilme zamanı: 2026-07-02T18:28:04.189965+00:00

CyberRota Yorumu

SQL Injection riski içeriyor.

CVE
CVE-2026-8441
Severity
HIGH
CVSS
7.5
EPSS
%0.37
WordPress

Orijinal NVD Açıklaması

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $_POST['notinstring'] and passed through sanitize_text_field() — which strips HTML and whitespace but does not provide SQL safety. The value is then concatenated directly into a numeric/unquoted `AND id NOT IN (...)` clause and executed via $wpdb->get_results() without $wpdb->prepare() or intval() casting. Because the value sits in an unquoted numeric context, WordPress's wp_magic_quotes protection (which only escapes embedded quotes) is ineffective. The AJAX hook is registered via wp_ajax_nopriv_wprp_load_more_revs, and the required check_ajax_referer nonce is publicly available via wp_localize_script on any frontend page that renders the plugin shortcode, so an unauthenticated attacker who can reach a public page hosting the plugin can extract arbitrary data from the database via blind/time-based injection.