A vulnerability was found in blendmedia WP CTA Plugin up to 2.2.2 on WordPress. It has been rated as critical. The impacted element is the function
ajaxCheck of the component SQL Injection Handler. Performing a manipulation of the argument fildname results in sql injection.
This vulnerability is cataloged as CVE-2026-4661. It is possible to initiate the attack remotely. There is no exploit available.