CVE-2026-42550 Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert, SimplePdo::update, and SimplePdo::delete build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an...

WordPress Rank Math SEO plugin <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete vulnerability

Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete vulnerability discovered by Leo in WordPress Plugin Rank Math SEO versions = 1.0.228...