CVE-2026-9757 | ninjew GEO my WP Plugin up to 4.5.5 on WordPress Shortcode QUERY_STRING sql injection

Inserito da Angelo Barbosa | Mag 30, 2026 | CVE

A vulnerability marked as critical has been reported in ninjew GEO my WP Plugin up to 4.5.5 on WordPress. Impacted is an unknown function of the component Shortcode Handler. The manipulation of the argument QUERY_STRING leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-9757. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-9757 | ninjew GEO my WP Plugin up to 4.5.5 on WordPress Shortcode QUERY_STRING sql injection

Post correlati

CVE-2024-0326 | Premium Addons for Elementor Plugin up to 4.10.18 on WordPress Event onClick cross site scripting

CVE-2024-39639 | Nickolas Bossinas File Upload Plugin up to 4.24.7 on WordPress access control

CVE-2024-35307 | Artica Pandora FMS up to 776 Realtime Graph Extension argument injection

CVE-2024-23930 | Pioneer DMH-WT7600NEX Media Service denial of service (ZDI-24-1043)