CVE Catalog

CVE-2026-56036

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

Unauthenticated SQL injection vulnerability in WordPress 결제 심플페이 plugin versions up to 5.5.6. An unauthenticated attacker can execute arbitrary SQL queries.

Risk Assessment

Risk includes unauthorized access to the WordPress database, leakage of sensitive data (e.g., passwords, user data), and potential takeover of the website.

Recommendation

Immediately update the 결제 심플페이 plugin to the latest available version (above 5.5.6). If an update is not possible, temporarily disable the plugin.

Original NVD description (English source)

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS