Collapsing Categories
A blind SQL injection vulnerability exists in the WordPress Collapsing Categories plugin (versions up to 3.0.9) that allows authenticated attackers with low privileges to execute arbitrary SQL queries against the database. The vulnerability enables extraction of sensitive data including user credentials, though it does not allow direct data modification. With a CVSS score of 8.5 and no current exploitation in the wild (not in KEV), this represents a serious but not critical risk for WordPress sites using this plugin.