PT-2026-5884 · WordPress · Infility Global

Andrea Bocchetti

Published

2026-02-04

Updated

2026-02-09

CVE-2025-15268

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Infility Global plugin for WordPress versions prior to 2.14.46

Description The Infility Global plugin for WordPress is susceptible to unauthenticated SQL Injection through the 'infility get data' API action. This is a result of inadequate escaping of user-supplied input and insufficient preparation of the SQL query. This allows unauthenticated attackers to potentially append additional SQL queries, and extract sensitive information from the database.

Recommendations Update the Infility Global plugin to a version later than 2.14.46.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-15268

Affected Products

Infility Global

PT-2026-5884 · WordPress · Infility Global

CVE-2025-15268

Weakness Enumeration

Related Identifiers

Affected Products

References · 9