CVE Catalog

CVE-2026-39581

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

27th percentile — higher than 27% of all known CVEs

Summary

The WP Sessions Time Monitoring Full Automatic plugin versions up to 1.1.4 is vulnerable to SQL Injection, allowing unauthorized users to access the database.

Risk Assessment

An attacker could exploit this vulnerability to steal data or modify information in the database, posing a serious security threat.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and conduct a security audit of the database.

Original NVD description (English source)

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS