Skip to main content

Kirki CVE-2026-57726

| EUVDEUVD-2026-43375 CRITICAL
SQL Injection (CWE-89)
2026-07-13 Patchstack
9.3
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Primary rating from Vendor (Patchstack) · only source for this CVE.

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 10:44 vuln.today
CVE Published
Jul 13, 2026 - 08:41 cve.org
CRITICAL 9.3

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12.

AnalysisAI

Blind SQL injection in the Themeum Kirki WordPress customizer framework (all versions up to and including 6.0.12) lets remote attackers inject SQL through improperly neutralized special elements, per the CVSS PR:N vector without authentication, to infer and extract database contents. The scope-changed CVSS 3.1 score of 9.3 reflects impact reaching beyond the plugin's own security boundary into the wider WordPress database. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: audit all WordPress installations for Kirki versions ≤6.0.12 and immediately disable the plugin; examine database query logs for anomalous SQL patterns that may indicate prior exploitation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57726 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy