CVE-2026-3018

HIGH CVSS 7.5 other

The flaw

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user-supplied parameter and lack of sufficie

What to do

Review the advisory and patch per vendor guidance.

First seen 2026-06-12 · Tracked by PickBits CyberHawk