CVE-2026-4661
The CVE-2026-4661 entry concerns the WordPress plugin WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales (versions up to 2.2.2). The flaw is a time-based blind SQL injection in the fildname parameter, caused by insufficient escaping of user-supplied column names in ajaxCheck() and an inco...