PT-2026-20366 · WordPress · Wpnakama

Athiwat Tiprasaharn · Published 2026-02-18 · Updated 2026-02-23 · CVE-2026-2495

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress versions up to and including 0.6.5

Description

The WPNakama plugin for WordPress is vulnerable to SQL injection through the 'order' parameter of the /wp-json/WPNakama/v1/boards API endpoint, due to inadequate input validation and query preparation. Unauthenticated attackers can inject additional SQL queries into existing database queries, potentially leading to the extraction of sensitive information.

Recommendations

Update WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress to a version later than 0.6.5.
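
For plugin developers reviewing similar endpoints, the following added example (not WPNakama's code and not the vendor's patch) shows one way to handle a sort parameter safely in a WordPress REST route. It assumes the `order` value ends up as the direction keyword of an `ORDER BY` clause; the route namespace, table, columns, function names and capability check are hypothetical.

```php
<?php
// Added example: hypothetical route, table and column names; not the plugin's code.

// Only these SQL literals can ever reach the query text.
const EXAMPLE_ORDER_DIRECTIONS = array( 'asc' => 'ASC', 'desc' => 'DESC' );

function example_order_direction( $value ) {
    $key = is_string( $value ) ? strtolower( trim( $value ) ) : '';
    // Unknown input falls back to a fixed default instead of being passed through.
    return EXAMPLE_ORDER_DIRECTIONS[ $key ] ?? 'ASC';
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/boards', array(
        'methods'             => 'GET',
        // Assumption: listing boards requires a logged-in user.
        'permission_callback' => function () {
            return current_user_can( 'read' );
        },
        'callback'            => 'example_list_boards',
        'args'                => array(
            'order'    => array(
                'type'              => 'string',
                'enum'              => array( 'asc', 'desc' ),
                'default'           => 'asc',
                // Rejects anything outside the enum before the callback runs.
                'validate_callback' => 'rest_validate_request_arg',
            ),
            'per_page' => array(
                'type'              => 'integer',
                'default'           => 20,
                'validate_callback' => 'rest_validate_request_arg',
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );

function example_list_boards( WP_REST_Request $request ) {
    global $wpdb;
    $direction = example_order_direction( $request['order'] ); // second check at the query
    $table     = $wpdb->prefix . 'example_boards';
    // Data values go through prepare(); an ORDER BY keyword cannot be a
    // placeholder, so it is taken from the allowlist above.
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$table} ORDER BY title {$direction} LIMIT %d",
        $request['per_page']
    );
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}
```

The allowlist is applied twice on purpose: the route schema rejects bad requests early, and the mapping at the query site still holds if the function is later called from code that bypasses REST validation.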

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-2495

Affected Products

Wpnakama