{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T12:40:38.877","vulnerabilities":[{"cve":{"id":"CVE-2026-3523","sourceIdentifier":"security@wordfence.com","published":"2026-03-05T05:16:37.717","lastModified":"2026-03-05T19:38:53.383","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses `&&` (AND) instead of `||` (OR), causing the `in_array()` validation to be short-circuited and never evaluated for any non-empty type value. Combined with `stripslashes_deep()` being called on line 101 which removes `wp_magic_quotes()` protection, attacker-controlled single quotes pass through unescaped into the SQL query on line 298. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."},{"lang":"es","value":"El plugin Apocalypse Meow para WordPress es vulnerable a inyecciones SQL a través del parámetro \"type\" en todas las versiones hasta la 22.1.0, incluida esta. Esto se debe a un operador lógico defectuoso en la comprobación de validación de tipo en la línea 261 de ajax.php: la condición utiliza \"&amp;&amp;\" (AND) en lugar de «||» (OR), lo que provoca que la validación «in_array()» se acorte y nunca se evalúe para ningún valor de tipo no vacío. En combinación con la llamada a `stripslashes_deep()` en la línea 101, que elimina la protección `wp_magic_quotes()`, las comillas simples controladas por el atacante pasan sin escapar a la consulta SQL de la línea 298. Esto permite a los atacantes autenticados, con acceso de nivel administrador o superior, añadir consultas SQL adicionales a las consultas ya existentes, que pueden utilizarse para extraer información confidencial de la base de datos."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/tags/22.1.0/lib/blobfolio/wp/meow/ajax.php#L101","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/tags/22.1.0/lib/blobfolio/wp/meow/ajax.php#L167","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/tags/22.1.0/lib/blobfolio/wp/meow/ajax.php#L261","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/tags/22.1.0/lib/blobfolio/wp/meow/ajax.php#L298","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/trunk/lib/blobfolio/wp/meow/ajax.php#L101","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/trunk/lib/blobfolio/wp/meow/ajax.php#L167","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/trunk/lib/blobfolio/wp/meow/ajax.php#L261","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/apocalypse-meow/trunk/lib/blobfolio/wp/meow/ajax.php#L298","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3448958%40apocalypse-meow&new=3448958%40apocalypse-meow&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1af9757-23e9-41d2-bbcd-15b0610b6538?source=cve","source":"security@wordfence.com"}]}}]}