CVE Catalog
CVE-2026-56070
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk0.24%
15th percentile — higher than 15% of all known CVEs
Summary
The Advance Product Search plugin version 1.4.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can send specially crafted queries to execute arbitrary SQL commands on the database.
Risk Assessment
The risk includes unauthorized access to data, its modification or deletion, and potential takeover of the database server.
Recommendation
Immediately update the Advance Product Search plugin to a version newer than 1.4.4 that includes a fix for this vulnerability.
Original NVD description (English source)
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.

