--- /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/vuln_variant/artifacts/getreviews_class.before_notin_patch.php	2026-07-05 17:12:50.385396602 +0000
+++ /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/vuln_variant/artifacts/getreviews_class.after_notin_patch.php	2026-07-05 17:12:50.397396124 +0000
@@ -32,7 +32,8 @@
 			//add a not in statement after $sortdir if we are rand search ex: AND book_price NOT IN (100,200)
 			if($notinstring!=''){
 				//explode implode for safety
-				$tempnotinarray = explode(",",$notinstring);
+				// CVE-2026-8441 notinstring fix control: only integer review IDs may enter the numeric NOT IN clause.
+				$tempnotinarray = array_filter(array_map('absint', explode(",", $notinstring)));
 				if(is_array($tempnotinarray)){
 					$notinstring = implode(",",$tempnotinarray);
 					$notinsearchstring = " AND id NOT IN (".$notinstring.") ";
No syntax errors detected in /data/pruva/runs/52897a84-76e4-425d-abf6-ea2f2eb78fb0/bundle/vuln_variant/runtime/wordpress/wp-content/plugins/wp-review-slider-pro/public/partials/getreviews_class.php
