CVE-2026-32366

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/collapsing-categories/vulnerability/wordpress-collapsing-categories-plugin-3-0-9-sql-injection-vulnerability?_s_id=cve

Configurations

No configuration.

History

22 Apr 2026, 21:30

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de Neutralización Incorrecta de Elementos Especiales utilizados en un Comando SQL ('Inyección SQL') en robfelty Collapsing Categories collapsing-categories permite Inyección SQL Ciega. Este problema afecta a Collapsing Categories: desde n/a hasta <= 3.0.9.

13 Mar 2026, 19:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-13 19:54

Updated : 2026-04-22 21:30

NVD link : CVE-2026-32366

Mitre link : CVE-2026-32366

CVE.ORG link : CVE-2026-32366

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

8.5 /10