VYPR

Injection Guard

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-3368HigMar 21, 2026
    risk 0.47cvss 7.2epss 0.00

    The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize_ig_data() function which only sanitizes array…

  • CVE-2025-8046MedAug 14, 2025
    risk 0.40cvss 6.1epss 0.00

    The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

  • CVE-2023-32574MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1.