16 matches found
CVE-2026-2503
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...
WordPress ElementCamp plugin <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability
Authenticated Author+ SQL Injection via 'metaquerycompare' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ElementCamp versions = 2.3.6...
CVE-2026-2503
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...
CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...
CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...
CVE-2026-2503
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...
CVE-2026-2503
CVE-2026-2503 describes a time-based SQL Injection in the ElementCamp WordPress plugin through the meta_query[compare] parameter used by the tcg_select2_search_post AJAX action, affecting all versions up to 2.3.6. The vulnerability arises because the user-supplied compare value is used as an SQL ...
PT-2026-26841
The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta querycompare' parameter in the 'tcg select2 search post' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the quer...
WordPress plugin ElementCamp SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-24556
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...
CVE-2026-24556
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...
CVE-2026-24556
CVE-2026-24556 affects WordPress ElementCamp plugin (ElementCamp, element-camp) up to version 2.3.2. The issue is a Missing/Broken Authorization vulnerability in the access-control configuration that may allow unauthorized actions. Public details in connected sources confirm the root cause as inc...
CVE-2026-24556 WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...
CVE-2026-24556 WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...
WordPress plugin ElementCamp has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ElementCamp versions = 2.3.2...