CVE Catalog
CVE-2026-57636
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
The wpForo Forum plugin version 3.0.9 and earlier contains a SQL injection vulnerability exploitable by contributors. An attacker with contributor privileges can inject malicious SQL queries, potentially leading to unauthorized database access.
Risk Assessment
The risk includes potential leakage of sensitive data, modification or deletion of database content, which could compromise system integrity and confidentiality.
Recommendation
It is recommended to immediately update the wpForo Forum plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

