CVE Catalog

CVE-2026-56067

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Summary

The JetSmartFilters plugin versions up to 3.8.3 contain an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows executing arbitrary SQL queries on the database.

Risk Assessment

An attacker can gain unauthorized access to sensitive data in the database, including user data and site configuration. This could lead to complete takeover of the website.

Recommendation

Immediately update the JetSmartFilters plugin to version 3.8.4 or later. If an update is not possible, temporarily disable the plugin.

Original NVD description (English source)

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS