CVE-2026-15290: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
The Ultimate Member WordPress plugin up to version 2.10.1 is vulnerable to blind SQL Injection via the search parameter. This vulnerability arises from insufficient escaping and lack of proper query…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a

Understanding and Preventing WordPress SQL Injection Attacks
Have you thought about the security risks WordPress websites face? Anders Johansson explores why they are frequent hacker targets and shares

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra
SQL injection cheat sheet: 8 best practices to prevent SQL injection attacks

WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

Comments
Sign in to join the conversation.
No comments yet. Be the first.