Skip to main content

Cws Svgicons

1 CVEs product

Monthly

CVE-2026-57787 HIGH This Week

Authenticated blind SQL injection in the CreativeWS CWS SVGicons WordPress plugin (all versions up to and including 1.5.5) allows a low-privileged authenticated user to inject crafted SQL into a database query, per a Patchstack advisory. Because the CVSS vector reports a scope change with high confidentiality impact, a successful attack can read data beyond the plugin's own tables, exposing the broader WordPress database. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SQLi Cws Svgicons
NVD
CVSS 3.1
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH This Week

Authenticated blind SQL injection in the CreativeWS CWS SVGicons WordPress plugin (all versions up to and including 1.5.5) allows a low-privileged authenticated user to inject crafted SQL into a database query, per a Patchstack advisory. Because the CVSS vector reports a scope change with high confidentiality impact, a successful attack can read data beyond the plugin's own tables, exposing the broader WordPress database. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SQLi Cws Svgicons
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy