WordPress ElementCamp plugin <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability

Authenticated Author+ SQL Injection via 'metaquerycompare' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ElementCamp versions = 2.3.6...

CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

CVE-2026-2503

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

CVE-2026-2503

CVE-2026-2503 describes a time-based SQL Injection in the ElementCamp WordPress plugin through the meta_query[compare] parameter used by the tcg_select2_search_post AJAX action, affecting all versions up to 2.3.6. The vulnerability arises because the user-supplied compare value is used as an SQL ...

PT-2026-26841

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta querycompare' parameter in the 'tcg select2 search post' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the quer...

PT-2020-12927 · WordPress · Media Library Assistant

Name of the Vulnerable Software and Affected Versions: media-library-assistant plugin versions prior to 2.82 for WordPress Description: The issue allows for Remote Code Execution via the tax query, meta query, or date query parameter in mla gallery through an admin interface. Recommendations: For...