🔐 CVE Alert

CVE-2026-12512

HIGH 8.6

Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes.

Vendor unknown
Product quotes llama
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for unknown quotes llama

Be the first to know when new high vulnerabilities affecting unknown quotes llama are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Quotes llama
0 < 3.1.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wpscan.com: https://wpscan.com/vulnerability/39d038f6-f009-4274-a8a7-9d7c2597ec85/

Credits

Pablo González Pérez Francisco José Ramírez Vicente and Iñigo Sánchez Enciso WPScan