Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection…

A SQL injection vulnerability (CVE-2026-40797) has been identified in Saleswonder LLC's WebinarIgnition plugin. The vulnerability allows for blind SQL injection attacks through improper neutralization of special elements used in SQL commands. This security flaw affects WebinarIgnition versions up to 4.08.253. The vulnerability enables attackers to potentially extract sensitive data from the database through blind SQL injection techniques. Given the nature of SQL injection attacks, this represents a significant security risk for affected WordPress installations running the WebinarIgnition plugin.