Vulnerabilities and security researches forinjection-guard injection-guard

Jun 06, 2024

CVE, Research URL: b3ffc58f4bac099645e51bb16e995ed49041baeb
Home page URL: Security reports for Injection Guard
Application: Injection Guard
Date: May 10, 2023
Research Description: Injection Guard [injection-guard] < 1.2.2 Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update The Injection Guard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the ig_update function. This makes it possible for unauthenticated attackers to update the plugin's whitelist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-32574
Home page URL: Security reports for Injection Guard
Application: Injection Guard
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1.
Affected versions: Min -, max -.
Status: vulnerable

Aug 16, 2025

CVE, Research URL: CVE-2025-8046
Home page URL: Security reports for Injection Guard
Application: Injection Guard
Date: Aug 14, 2025
Research Description: The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Affected versions: Min -, max -.
Status: vulnerable