PT-2026-26718

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize ig data function which only sanitizes array values but not array keys...

EUVD-2025-24666

Malicious code in bioql PyPI...

WordPress Injection Guard plugin < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] vulnerability

Reflected XSS via $SERVER'REQUESTURI' vulnerability discovered by Bob Matyas in WordPress Plugin Injection Guard versions 1.2.8...

PT-2025-33128 · WordPress · Injection Guard

Name of the Vulnerable Software and Affected Versions: Injection Guard WordPress plugin versions prior to 1.2.8 Description: The Injection Guard WordPress plugin does not properly escape the $ SERVER'REQUEST URI' parameter before displaying it within an attribute. This could lead to Reflected...

CVE-2023-32574 WordPress Injection Guard plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood Injection Guard injection-guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through = 1.2.1...