CVE Catalog
CVE-2026-57628
HighCVSS 7.6Summary
SQL Injection vulnerability in WP All Import plugin versions up to 4.0.1 allows an administrator to inject malicious SQL code into the database.
Risk Assessment
An attacker with administrator privileges can steal, modify, or delete data from the WordPress database, leading to data integrity and confidentiality breaches.
Recommendation
It is recommended to immediately update the WP All Import plugin to the latest version that fixes this vulnerability.
Original NVD description (English source)
Administrator SQL Injection in WP All Import <= 4.0.1 versions.

