3 matches found
CVE-2026-15727
The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-15727
The CVE-2026-15727 entry concerns the WP Bulk Delete WordPress plugin. Affected: WP Bulk Delete (plugins bundle) up to version 1.4.2. Vulnerability: generic SQL Injection via the delete_user_roles parameter, caused by insufficient escaping of user-supplied input and inadequate preparation in the ...
CVE-2026-15727 WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter
The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...