CVE-2026-60137 in WordPress정보

요약

\~에 의해 MITRE • 2026. 07. 17.

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

책임이 있는

WPScan

예약하다

2026. 07. 17.

모더레이션

수락

항목

VDB-379928

EPSS

0.00000

활동

낮음

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!