CVE-2025-9198

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-9198

CVE-2025-9198 concerns the WordPress plugin “Wp cycle text announcement” (versions up to and including 8.1). The vulnerability is a SQL Injection via the cycle-text shortcode caused by insufficient escaping of user-supplied parameters and inadequate preparation of the existing SQL query. Exploita...

EUVD-2025-32279

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...