An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in the Ally WordPress plugin, which is used on 400K+ sites, could allow attackers to steal sensitive data. Drew Webber, an offensive security engineer at Acquia, discovered the vulnerability on […]
First seen on securityaffairs.com
Jump to article: securityaffairs.com/189354/security/critical-sql-injection-bug-in-ally-plugin-threatens-400000-wordpress-sites.html

