2 matches found
EUVD-2026-43157
The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...
CVE-2026-4661
The CVE-2026-4661 entry concerns the WordPress plugin WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales (versions up to 2.2.2). The flaw is a time-based blind SQL injection in the fildname parameter, caused by insufficient escaping of user-supplied column names in ajaxCheck() and an inco...