CVE Catalog
CVE-2026-57643
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
The WP Post Author plugin version 3.9.1 and earlier contains a SQL injection vulnerability in the Contributor function. This allows an attacker to manipulate database queries.
Risk Assessment
The risk includes unauthorized access to data, its modification or deletion, which may lead to a breach of system confidentiality and integrity.
Recommendation
It is recommended to immediately update the WP Post Author plugin to a version newer than 3.9.1, which fixes this vulnerability.
Original NVD description (English source)
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

