No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wordpress
Wordpress wordpress |
|
| Vendors & Products |
Wordpress
Wordpress wordpress |
Fri, 17 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-89 | |
| Metrics |
cvssV3_1
|
Fri, 17 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter. | |
| Title | WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-17T19:52:26.119Z
Reserved: 2026-07-17T17:17:24.479Z
Link: CVE-2026-60137
Updated: 2026-07-17T19:52:17.964Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T20:30:03Z
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')