CVE-2026-60137 in WordPressالمعلومات

الملخص

بحسب MITRE • 17/07/2026

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

مسؤول

WPScan

حجز

17/07/2026

إفشاء

17/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379928

EPSS

0.00000

KEV

لا

النشاطات

منخفض

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!