Robfelty Collapsing Categories vulnerabilities
2 known vulnerabilities affecting robfelty/collapsing_categories.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2024-12025 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | ≤ 3.0.8 | 2024-12-18
CVE-2024-12025 [HIGH] CWE-89
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for
Source: NVD
CVE-2026-32366 | P3 | HIGH | CVSS 8.5 | ≤ 3.0.9 | 2026-03-13
CVE-2026-32366 [HIGH] CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9.
Source: NVD