CVE-2026-8705 | ClearSale Total Plugin up to 3.4.2 on WordPress wp_verify_nonce metodo sql injection

Inserito da Angelo Barbosa | Giu 24, 2026 | CVE

A vulnerability was found in ClearSale Total Plugin up to 3.4.2 on WordPress and classified as critical. Affected by this issue is the function wp_verify_nonce. Executing a manipulation of the argument metodo can lead to sql injection.

This vulnerability is tracked as CVE-2026-8705. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-8705 | ClearSale Total Plugin up to 3.4.2 on WordPress wp_verify_nonce metodo sql injection

Post correlati

CVE-2024-21488 | tomas network prior 0.7.0 mac_address_for os command injection

CVE-2024-5729 | Simple AL Slider Plugin up to 1.2.10 on WordPress cross site scripting

CVE-2025-12083 | CivicTheme Design System up to 1.11.x on Drupal cross site scripting (sa-contrib-2025-113)

CVE-2024-4958 | User Registration Plugin up to 3.2.0.1 on WordPress authorization