CVE Catalog
CVE-2026-57687
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk0.22%
13th percentile — higher than 13% of all known CVEs
Summary
The Custom Field Template plugin for WordPress versions 2.7.8 and earlier contains a Contributor SQL Injection vulnerability. An attacker with contributor privileges can inject malicious SQL queries into the database.
Risk Assessment
The risk includes unauthorized access, modification, or deletion of data, potentially leading to a breach of confidentiality and integrity of the WordPress system.
Recommendation
It is recommended to immediately update the Custom Field Template plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor SQL Injection in Custom Field Template <= 2.7.8 versions.

