CVE-2026-56068
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
The JetEngine plugin for WordPress versions 3.8.10.2 and earlier contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. This vulnerability allows unauthorized database queries to be executed.
Risk Assessment
An unauthenticated attacker could gain access to sensitive data stored in the WordPress database, such as user data, passwords, or content. This could lead to a breach of data confidentiality and integrity.
Recommendation
Immediately update the JetEngine plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin until it can be updated.
Original NVD description (English source)
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.

