CVE Catalog

CVE-2026-57765

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

The WP EasyCart plugin for WordPress versions 5.9.0 and earlier contains a SQL injection vulnerability via the 'contributor' attribute. This allows an attacker to manipulate database queries.

Risk Assessment

The risk includes unauthorized access, modification, or deletion of data, potentially leading to a breach of confidentiality and integrity of the system.

Recommendation

It is recommended to immediately update the WP EasyCart plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS