PatchSiren

tainacan CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH tainacan CVE published 2026-07-08

CVE-2026-6230

The Tainacan plugin for WordPress, specifically versions up to and including 1.0.3, is vulnerable to a time-based blind SQL Injection attack. This vulnerability exists due to insufficient escaping of the user-supplied 'geoquery' parameter and a lack of sufficient preparation on the existing SQL query. As a result, unauthenticated attackers can inject additional SQL queries, potentially leading to the disc [truncated]