CVE Catalog

CVE-2026-56064

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

SQL Injection vulnerability in Tourfic plugin up to version 2.22.5 allows a subscriber to inject malicious SQL code into database queries.

Risk Assessment

An attacker with subscriber role can gain unauthorized access to database data, including sensitive user information and site configuration.

Recommendation

Immediately update the Tourfic plugin to version 2.22.6 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Subscriber SQL Injection in Tourfic <= 2.22.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS