CVE-2026-3773 — SQL Injection
Image via images.unsplash.com
CVE-2026-3773 — The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-3773 | vulnerability | CVE-2026-3773 |
| CWE-89 | weakness | CWE-89 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 09:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Rsync Vulnerability Exposes Users to Use-After-Free Flaw
CVE-2026-41035 — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim...
CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted
CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and...
CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update
CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.