CVE-2026-8163
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
The Infility Global WordPress plugin before version 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability. This can be exploited by authenticated users with Subscriber-level access and above.
Risk Assessment
The organization may be exposed to unauthorized access to database information, potentially leading to data leaks or modifications. Low-privileged users could gain access to sensitive information.
Recommendation
It is recommended to update the Infility Global plugin to version 2.15.19 or later to mitigate this vulnerability. Additionally, conducting a security audit to assess the potential impact of this flaw is advisable.
Original NVD description (English source)
The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.

