CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

WordPress Injection Guard plugin <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability

Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Injection Guard versions = 1.2.9...

CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

WordPress plugin Injection Guard 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

CVE-2026-3368 Injection Guard <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

CVE-2026-3368

The CVE covers the WordPress Injection Guard plugin (

PT-2026-26718

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize ig data function which only sanitizes array values but not array keys...

EUVD-2023-36817

Malicious code in bioql PyPI...

EUVD-2025-24666

Malicious code in bioql PyPI...

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress Injection Guard plugin < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] vulnerability

Reflected XSS via $SERVER'REQUESTURI' vulnerability discovered by Bob Matyas in WordPress Plugin Injection Guard versions 1.2.8...

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046

The CVE-2025-8046 entry is confirmed with concrete details: Injection Guard WordPress plugin versions prior to 1.2.8 do not escape $_SERVER['REQUEST_URI'] when echoing in an HTML attribute, enabling Reflected XSS in older browsers. Affected software: Injection Guard WordPress plugin

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

PT-2025-33128 · WordPress · Injection Guard

Name of the Vulnerable Software and Affected Versions: Injection Guard WordPress plugin versions prior to 1.2.8 Description: The Injection Guard WordPress plugin does not properly escape the $ SERVER'REQUEST URI' parameter before displaying it within an attribute. This could lead to Reflected...

WordPress plugin Injection Guard 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-32574

Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1...