Vulnerability Brief

CVE-2026-8163

What this means for your business

A security vulnerability in the WordPress plugin Infility Global could allow an attacker to manipulate the plugin's database, potentially stealing sensitive information or disrupting your website's functionality. If an authenticated user with basic access can exploit this weakness, it could lead to unauthorized changes or data theft, putting your business's reputation and data at risk. It's essential to update the plugin to the latest version to protect your website and prevent potential security breaches.

Severity: HIGH
CVSS score: 8.8

Technical summary

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.