CVE Catalog

CVE-2026-56068

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The JetEngine plugin for WordPress versions 3.8.10.2 and earlier contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. This vulnerability allows unauthorized database queries to be executed.

Risk Assessment

An unauthenticated attacker could gain access to sensitive data stored in the WordPress database, such as user data, passwords, or content. This could lead to a breach of data confidentiality and integrity.

Recommendation

Immediately update the JetEngine plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin until it can be updated.

Original NVD description (English source)

Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS