--- /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/artifacts/getreviews_class.vulnerable.php	2026-07-05 17:05:32.251641242 +0000
+++ /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/artifacts/getreviews_class.fixed.php	2026-07-05 17:05:32.261640873 +0000
@@ -32,7 +32,8 @@
 			//add a not in statement after $sortdir if we are rand search ex: AND book_price NOT IN (100,200)
 			if($notinstring!=''){
 				//explode implode for safety
-				$tempnotinarray = explode(",",$notinstring);
+				// CVE-2026-8441 fix: only integer review IDs may enter the numeric NOT IN clause.
+				$tempnotinarray = array_filter(array_map('absint', explode(",", $notinstring)));
 				if(is_array($tempnotinarray)){
 					$notinstring = implode(",",$tempnotinarray);
 					$notinsearchstring = " AND id NOT IN (".$notinstring.") ";
No syntax errors detected in /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/artifacts/runtime/wordpress/wp-content/plugins/wp-review-slider-pro/public/partials/getreviews_class.php
