CVE Catalog

CVE-2026-57628

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Summary

SQL Injection vulnerability in WP All Import plugin versions up to 4.0.1 allows an administrator to inject malicious SQL code into the database.

Risk Assessment

An attacker with administrator privileges can steal, modify, or delete data from the WordPress database, leading to data integrity and confidentiality breaches.

Recommendation

It is recommended to immediately update the WP All Import plugin to the latest version that fixes this vulnerability.

Original NVD description (English source)

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS