PT-2026-26876 · WordPress · Pre* Party Resource Hints
Chawabhon Netisingha · Published 2026-03-21 · Updated 2026-03-21 · CVE-2026-4087
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pre* Party Resource Hints plugin for WordPress versions through 1.8.20
Description
The Pre* Party Resource Hints plugin for WordPress is susceptible to SQL Injection. This occurs through the hint_ids parameter of the pprh_update_hints AJAX action, stemming from inadequate input sanitization and insufficient query preparation. An authenticated attacker with Subscriber-level access or higher can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The vulnerable parameter is hint_ids and the affected action is pprh_update_hints.
Recommendations
Update Pre* Party Resource Hints plugin for WordPress to a version later than 1.8.20.
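For site owners reviewing their own custom AJAX handlers for the same weakness class, the following added example (not the plugin's code and not its patch) shows a handler that gates on capability and binds a validated ID list through $wpdb->prepare(). The action name, nonce name, table, columns, the comma-separated format of hint_ids and the choice of manage_options are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not the plugin's code.
// Assumptions: 'hint_ids' is a comma-separated list of integer IDs, the table
// is {$wpdb->prefix}example_hints with columns id/status, and a nonce named
// 'example_hints_nonce' is issued with the admin form.

add_action( 'wp_ajax_example_update_hints', 'example_update_hints' );

// Parse an ID list; return null unless every item is a positive integer.
function example_parse_ids( $raw ) {
    if ( ! is_string( $raw ) || '' === $raw ) {
        return null;
    }
    $ids = array();
    foreach ( explode( ',', $raw ) as $part ) {
        $part = trim( $part );
        if ( ! ctype_digit( $part ) || (int) $part < 1 ) {
            return null; // reject the whole request instead of "cleaning" it
        }
        $ids[] = (int) $part;
    }
    return array_values( array_unique( $ids ) );
}

function example_update_hints() {
    // wp_ajax_* hooks fire for every logged-in user, Subscribers included,
    // so the handler itself must check the nonce and the capability.
    check_ajax_referer( 'example_hints_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $ids = example_parse_ids( isset( $_POST['hint_ids'] ) ? wp_unslash( $_POST['hint_ids'] ) : '' );
    if ( null === $ids ) {
        wp_send_json_error( 'invalid hint_ids', 400 );
    }

    global $wpdb;
    $table = $wpdb->prefix . 'example_hints';
    // Unsafe form: "... WHERE id IN ($raw)" puts request text into the SQL.
    // Safe form: one %d placeholder per validated ID, bound by prepare().
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "UPDATE {$table} SET status = 'enabled' WHERE id IN ($placeholders)",
        $ids
    );
    wp_send_json_success( array( 'updated' => $wpdb->query( $sql ) ) );
}
```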
Fix
SQL injection
Affected Products
Pre* Party Resource Hints