PT-2026-21858 · WordPress · Referer Spam

Author: Valentin Lobstein (+1)

Published: 2026-02-25 · Updated: 2026-03-03

CVE-2026-27743

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SPIP referer spam plugin versions prior to 1.3.0

Description: The referer spam plugin is susceptible to an unauthenticated SQL injection. This occurs because the plugin's referer spam ajouter and referer spam supprimer action handlers directly incorporate the url parameter from GET requests into SQL LIKE clauses without proper validation or parameterization. These endpoints lack authorization checks and SPIP action protections. This allows remote attackers to execute arbitrary SQL queries.

Recommendations: Update to referer spam plugin version 1.3.0 or later.
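The two patterns the description contrasts, written out as an added illustration rather than the plugin's own code: a SPIP action handler that drops the raw url parameter into a LIKE clause with no token or authorization check, beside a hardened version. The table name, the action function name (derived from SPIP's action_<name>_dist convention) and the authorization object are assumptions, as the advisory does not give them.

```php
<?php
// Added illustration, not the plugin's code. Table name 'spip_referer_spam',
// the action name and the autoriser() object are assumed placeholders.

// VULNERABLE PATTERN (the shape the advisory describes): the raw GET value is
// concatenated into a LIKE clause, and neither securiser_action() nor
// autoriser() is called, so any unauthenticated visitor can reach the query.
function action_referer_spam_supprimer_vulnerable()
{
    $url = _request('url');                    // attacker-controlled, unquoted
    sql_delete('spip_referer_spam', "url LIKE '%" . $url . "%'");
}

// HARDENED PATTERN: verify the SPIP action token, require an authorization,
// then pass the value to the database as a quoted literal, never as SQL text.
function action_referer_spam_supprimer_dist()
{
    // 1. SPIP action protection: securiser_action() validates the 'hash'
    //    signed for the current author and aborts on a missing/invalid one.
    $securiser_action = charger_fonction('securiser_action', 'inc');
    $arg = $securiser_action();

    // 2. Authorization: demand the 'configurer' right on the (assumed)
    //    plugin object; anonymous visitors and ordinary editors are refused.
    include_spip('inc/autoriser');
    if (!autoriser('configurer', 'referer_spam')) {
        include_spip('inc/minipres');
        echo minipres();
        exit;
    }

    // 3. Treat the URL as data: escape LIKE wildcards so a '%' or '_' in
    //    the input cannot widen the match, then let sql_quote() emit a
    //    correctly quoted literal for the active SQL driver.
    $url   = addcslashes((string) _request('url'), '%_\\');
    $where = 'url LIKE ' . sql_quote('%' . $url . '%');
    sql_delete('spip_referer_spam', $where);
}
```

Detection on an existing install is straightforward with the same shape in mind: an action file that builds its WHERE clause by string concatenation of _request() output and never calls securiser_action() or autoriser() is the thing to look for.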

Tags: SQL injection

Related Identifiers: CVE-2026-27743

Affected Products: Referer Spam