CVE Catalog

CVE-2026-57636

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The wpForo Forum plugin version 3.0.9 and earlier contains a SQL injection vulnerability exploitable by contributors. An attacker with contributor privileges can inject malicious SQL queries, potentially leading to unauthorized database access.

Risk Assessment

The risk includes potential leakage of sensitive data, modification or deletion of database content, which could compromise system integrity and confidentiality.

Recommendation

It is recommended to immediately update the wpForo Forum plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS