CVE-2026-12512
Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes.
| Vendor | unknown |
| Product | quotes llama |
| Published | Jul 15, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown quotes llama
Be the first to know when new high vulnerabilities affecting unknown quotes llama are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Unknown / Quotes llama
0 < 3.1.6
References
Credits
Pablo González Pérez Francisco José Ramírez Vicente and Iñigo Sánchez Enciso WPScan