CVE-2026-4079

MEDIUM CVSS 6.5 View on NVD ↗

Description

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

https://wpscan.com/vulnerability/8ec92881-4ae5-458d-995b-f097f2bcc590/

Published: Apr 07, 2026 07:16 UTC Modified: Apr 07, 2026 17:16 UTC