PT-2026-5884 · WordPress · Infility Global
Andrea Bocchetti
·
Publicado
2026-02-04
·
Atualizado
2026-02-09
·
CVE-2025-15268
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Infility Global plugin for WordPress versions prior to 2.14.46
Description
The Infility Global plugin for WordPress is susceptible to unauthenticated SQL Injection through the '
infility get data' API action. This is a result of inadequate escaping of user-supplied input and insufficient preparation of the SQL query. This allows unauthenticated attackers to potentially append additional SQL queries, and extract sensitive information from the database.Recommendations
Update the Infility Global plugin to a version later than 2.14.46.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Infility Global