CVE Catalog

CVE-2026-56070

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The Advance Product Search plugin version 1.4.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can send specially crafted queries to execute arbitrary SQL commands on the database.

Risk Assessment

The risk includes unauthorized access to data, its modification or deletion, and potential takeover of the database server.

Recommendation

Immediately update the Advance Product Search plugin to a version newer than 1.4.4 that includes a fix for this vulnerability.

Original NVD description (English source)

Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS