CVE-2026-15300: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ninjew GEO my WP
The GEO my WP WordPress plugin versions up to and including 4.5.4 are vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters. The vulnerability arises because these parameters…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

Understanding and Preventing WordPress SQL Injection Attacks
Have you thought about the security risks WordPress websites face? Anders Johansson explores why they are frequent hacker targets and shares

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a
Critical Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabli

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

Comments
Sign in to join the conversation.
No comments yet. Be the first.