{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4087", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-12T20:55:39.221Z", "datePublished": "2026-03-21T03:26:55.193Z", "dateUpdated": "2026-04-08T17:06:06.897Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:06.897Z"}, "affected": [{"vendor": "samperrow", "product": "Pre* Party Resource Hints", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8.20", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ceb4750-0780-4437-a3b0-c4c4606f2715?source=cve"}, {"url": "https://github.com/samperrow/pre-party-browser-hints"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/utils/Utils.php#L80"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/common/DAO.php#L78"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/common/DAO.php#L91"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/admin/LoadAdmin.php#L72"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Chawabhon Netisingha"}], "timeline": [{"time": "2026-03-20T14:37:45.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T13:50:32.404322Z", "id": "CVE-2026-4087", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:51:27.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4087", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T13:50:32.404322Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:51:22.854Z"}}], "cna": {"title": "Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Chawabhon Netisingha"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "samperrow", "product": "Pre* Party Resource Hints", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.8.20"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-20T14:37:45.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ceb4750-0780-4437-a3b0-c4c4606f2715?source=cve"}, {"url": "https://github.com/samperrow/pre-party-browser-hints"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/utils/Utils.php#L80"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/common/DAO.php#L78"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/common/DAO.php#L91"}, {"url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/admin/LoadAdmin.php#L72"}], "descriptions": [{"lang": "en", "value": "The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:06.897Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4087", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:06:06.897Z", "dateReserved": "2026-03-12T20:55:39.221Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-21T03:26:55.193Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El plugin Pre* Party Resource Hints para WordPress es vulnerable a inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'hint_ids' de la acci\u00f3n AJAX pprh_update_hints en todas las versiones hasta e incluyendo la 1.8.20. Esto se debe a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, a\u00f1adan consultas SQL adicionales a consultas ya existentes que pueden utilizarse para extraer informaci\u00f3n sensible de la base de datos."}], "id": "CVE-2026-4087", "lastModified": "2026-04-24T16:27:44.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-21T04:17:41.190", "references": [{"source": "security@wordfence.com", "url": "https://github.com/samperrow/pre-party-browser-hints"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/admin/LoadAdmin.php#L72"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/common/DAO.php#L78"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/common/DAO.php#L91"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/pre-party-browser-hints/tags/1.8.20/includes/utils/Utils.php#L80"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ceb4750-0780-4437-a3b0-c4c4606f2715?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.20]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "matching", "scores": [{"score": 99.0, "source": "matching"}]}, "original": {"product": "Pre* Party Resource Hints", "source": "cna", "vendor": "samperrow"}, "product": "pre_party_resource_hints", "vendor": "samperrow"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-21T08:35:41.930599+00:00", "value": {"mitigation_remediation": ["Update the Pre* Party Resource Hints plugin to a version that eliminates the SQL injection flaw.", "If an update cannot be performed immediately, temporarily deactivate or delete the plugin to block the vulnerable AJAX endpoint.", "Restrict Subscriber or other user roles from accessing AJAX endpoints that handle the hint_ids parameter, or reduce the permissions granted to these roles.", "Verify that the WordPress database account follows least\u2011privilege principles, limiting it to only necessary operations."], "summary": {"action": "Patch Immediately", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "Any WordPress site that has installed samperrow's Pre* Party Resource Hints plugin in a version up to and including 1.8.20 is vulnerable. The vulnerability is exploitable by any authenticated user with the Subscriber role or higher; therefore sites with such users or with unrestricted subscriber access may be affected.", "description_and_impact": "The Pre* Party Resource Hints WordPress plugin contains a SQL injection flaw in the hint_ids parameter of the pprh_update_hints AJAX action. User input is not properly escaped and the SQL query is constructed without adequate preparation, allowing an attacker with Subscriber or higher privileges to append arbitrary SQL statements. This can lead to extraction of sensitive information such as user data, posts, and other database contents, constituting an information disclosure vulnerability (CWE\u201189).", "risk_and_exploitability": "The CVSS score of 6.5 places the flaw in the moderate range, and the lack of an EPSS score or KEV listing suggests that large\u2011scale exploitation is not yet widespread. The exploit requires authenticated access, so disabling or restricting subscriber privileges, or temporarily deactivating the plugin, can mitigate the risk until a patch is applied. If exploited, an attacker could gain read or potentially write access to the entire WordPress database, compromising the site\u2019s confidentiality and integrity."}}}}, "created": "2026-03-23T09:50:15.862419+00:00", "updated": "2026-03-25T14:41:56.064787+00:00", "vendors": ["samperrow", "samperrow$PRODUCT$pre_party_resource_hints", "wordpress", "wordpress$PRODUCT$wordpress"]}