CVE Catalog

CVE-2026-57683

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Summary

The WP Fast Total Search plugin version 1.80.280 and earlier contains an unauthenticated SQL injection vulnerability. An attacker without authentication can send crafted queries to the database.

Risk Assessment

An unauthenticated attacker can read, modify, or delete data from the WordPress database, including user data and content. This could lead to full site compromise.

Recommendation

Immediately update the WP Fast Total Search plugin to the latest available version. If an update is not possible, temporarily disable the plugin until a patch is released.

Original NVD description (English source)

Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS