CVE Catalog

CVE-2026-57643

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The WP Post Author plugin version 3.9.1 and earlier contains a SQL injection vulnerability in the Contributor function. This allows an attacker to manipulate database queries.

Risk Assessment

The risk includes unauthorized access to data, its modification or deletion, which may lead to a breach of system confidentiality and integrity.

Recommendation

It is recommended to immediately update the WP Post Author plugin to a version newer than 3.9.1, which fixes this vulnerability.

Original NVD description (English source)

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS