CVE-2026-2352: Unsanitized Post Array Assignment

Direct assignment of an unsanitized $_POST variable. This data can lead to Cross-Site Scripting (XSS) if saved to the database. Use sanitization functions like sanitize_text_field().

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

PHP^β

greprules fetch cve-2026-2352-unsanitized-post-array-assignment --engine opengrep

Description

Direct assignment of an unsanitized $_POST variable. This data can lead to Cross-Site Scripting (XSS) if saved to the database. Use sanitization functions like sanitize_text_field().

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 73How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0