CVE Catalog

CVE-2026-8163

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile - higher than 6% of all known CVEs

Summary

The Infility Global WordPress plugin before version 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability. This can be exploited by authenticated users with Subscriber-level access and above.

Risk Assessment

The organization may be exposed to unauthorized access to database information, potentially leading to data leaks or modifications. Low-privileged users could gain access to sensitive information.

Recommendation

It is recommended to update the Infility Global plugin to version 2.15.19 or later to mitigate this vulnerability. Additionally, conducting a security audit to assess the potential impact of this flaw is advisable.

Original NVD description (English source)

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS