PT-2026-26876 · WordPress · Pre* Party Resource Hints
Chawabhon Netisingha · Published 2026-03-21 · Updated 2026-03-21
CVE-2026-4087
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pre* Party Resource Hints plugin for WordPress versions through 1.8.20
Description
The Pre* Party Resource Hints plugin for WordPress is susceptible to SQL Injection. This occurs through the hint ids parameter of the pprh update hints AJAX action, stemming from inadequate input sanitization and insufficient query preparation. An authenticated attacker with Subscriber-level access or higher can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The vulnerable parameter is hint ids and the affected action is pprh update hints.
Recommendations
Update Pre* Party Resource Hints plugin for WordPress to a version later than 1.8.20.
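For plugin authors reviewing similar handlers, the following added example (not the plugin's code and not taken from the advisory) shows a WordPress AJAX handler that takes a list of IDs and addresses both causes named in the description: it authorizes the caller and binds every ID through `$wpdb->prepare()`. The action name `example_update_hints`, the `ids` and `nonce` fields, the `example_hints` table and its `status` column are hypothetical.

```php
<?php
// Added illustration: every name containing "example" is hypothetical.
add_action( 'wp_ajax_example_update_hints', 'example_update_hints' );

function example_update_hints() {
    global $wpdb;

    // wp_ajax_* hooks run for every logged-in user, Subscribers included,
    // so the handler must verify the nonce and the capability itself.
    check_ajax_referer( 'example_update_hints', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Accept only a comma-separated list of decimal integers; reject anything else
    // instead of trying to clean it up.
    $raw = isset( $_POST['ids'] ) ? wp_unslash( $_POST['ids'] ) : '';
    if ( ! is_string( $raw ) || ! preg_match( '/\A\d+(?:,\d+)*\z/', $raw ) ) {
        wp_send_json_error( 'invalid id list', 400 );
    }
    $ids = wp_parse_id_list( $raw ); // array of unique non-negative integers

    // Bound the list so one request cannot build an arbitrarily large query.
    if ( count( $ids ) > 200 ) {
        wp_send_json_error( 'too many ids', 400 );
    }

    // One %d placeholder per ID: the values never become part of the SQL text.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $table        = $wpdb->prefix . 'example_hints'; // built from trusted values only

    $sql = $wpdb->prepare(
        "UPDATE {$table} SET status = 'enabled' WHERE id IN ({$placeholders})",
        $ids
    );

    $updated = $wpdb->query( $sql );
    if ( false === $updated ) {
        wp_send_json_error( 'database error', 500 );
    }

    wp_send_json_success( array( 'updated' => $updated ) );
}
```

The capability `manage_options` is an assumption about who should be allowed to change hints; use whichever capability matches the intended role.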
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Pre* Party Resource Hints