Skip to main content

WP eMember EUVDEUVD-2026-37644

| CVE-2026-54811 CRITICAL
SQL Injection (CWE-89)
2026-06-17 Patchstack
9.3
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
9.3 CRITICAL

Network-reachable unauthenticated SQLi in a WordPress plugin shares the DB with core, justifying S:C and C:H; SQLi typically permits some write (I:L) but rarely DoS, so A:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 11:50 vuln.today

DescriptionCVE.org

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

AnalysisAI

Unauthenticated SQL injection in the WP eMember WordPress plugin versions prior to 10.9.4 allows remote attackers to inject arbitrary SQL through unsanitized input handled by the plugin. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 9.3 with a scope change, indicating impact beyond the vulnerable component; no public exploit identified at time of analysis.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running WP eMember <10.9.4
Delivery
Send crafted HTTP request with SQL payload to vulnerable plugin endpoint
Exploit
Trigger unsanitized query against WordPress database
Execution
Exfiltrate wp_users hashes and session data
Impact
Crack or replay credentials for admin takeover

Vulnerability AssessmentAI

Exploitation Exploitation requires only that the target WordPress site has the WP eMember plugin installed and activated at a version below 10.9.4, and that the vulnerable plugin endpoint is reachable over the network - consistent with the CVSS vector AV:N/AC:L/PR:N/UI:N (no authentication, no user interaction, low complexity). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability shows several high-risk signals: CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N indicates remote, low-complexity, unauthenticated, no-user-interaction exploitation, and S:C with C:H means confidential data outside the plugin's security scope (entire WordPress database) can be read. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted HTTP request to a vulnerable WP eMember endpoint with a malicious SQL payload in a parameter that is concatenated into a backend query, causing the WordPress database to return data from arbitrary tables. The attacker enumerates wp_users and wp_usermeta to harvest password hashes and session tokens, then cracks or replays them to gain administrator access; no public exploit identified at time of analysis, but Patchstack advisories typically include enough detail for rapid weaponization.
Remediation Vendor-released patch: WP eMember 10.9.4 - site administrators should upgrade the plugin to 10.9.4 or later via the WordPress plugin updater immediately, referencing the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-9-4-sql-injection-vulnerability for confirmation. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all WordPress instances running WP eMember plugin and document current versions; disable or restrict external access to affected instances where possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-5080 HIGH POC
8.8 Jul 13

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload

CVE-2024-5076 HIGH POC
8.8 Jul 13

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to m

CVE-2024-4749 HIGH POC
8.3 Jun 04

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it

CVE-2024-5715 HIGH POC
7.1 Jul 13

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the

CVE-2024-5744 MEDIUM POC
6.8 Jul 13

The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it

CVE-2024-5077 MEDIUM POC
6.8 Jul 13

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as we

CVE-2024-5081 MEDIUM POC
6.1 Aug 05

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as w

CVE-2024-5079 MEDIUM POC
6.1 Jul 13

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, whi

CVE-2024-5075 MEDIUM POC
5.9 Jul 13

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the

CVE-2024-5074 MEDIUM POC
5.4 Jul 13

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the

CVE-2026-28073 HIGH
7.1 Mar 19

A reflected cross-site scripting (XSS) vulnerability exists in the WP eMember WordPress plugin by Tips and Tricks HQ, af

CVE-2026-49077 MEDIUM
5.3 Jun 04

Sensitive data exposure in the WP eMember WordPress plugin (Tips and Tricks HQ) through version 10.2.2 allows unauthenti

Share

EUVD-2026-37644 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy