CVE-2026-63030: wordpress-develop
## The Exploit An unauthenticated attacker can perform SQL injection via the `author__not_in` parameter in any REST API endpoint that passes user input to `WP_Query`. The following curl request demonstrates the injection against the defaul...
Read article →