CVE Catalog
CVE-2026-56064
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
SQL Injection vulnerability in Tourfic plugin up to version 2.22.5 allows a subscriber to inject malicious SQL code into database queries.
Risk Assessment
An attacker with subscriber role can gain unauthorized access to database data, including sensitive user information and site configuration.
Recommendation
Immediately update the Tourfic plugin to version 2.22.6 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.

