CVE Catalog
CVE-2026-56067
CriticalCVSS 9.3Summary
The JetSmartFilters plugin versions up to 3.8.3 contain an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows executing arbitrary SQL queries on the database.
Risk Assessment
An attacker can gain unauthorized access to sensitive data in the database, including user data and site configuration. This could lead to complete takeover of the website.
Recommendation
Immediately update the JetSmartFilters plugin to version 3.8.4 or later. If an update is not possible, temporarily disable the plugin.
Original NVD description (English source)
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.

