Skip to main content

Jetsmartfilters

1 CVEs product

Monthly

CVE-2026-48875 CRITICAL Act Now

Unauthenticated SQL injection in the JetSmartFilters WordPress plugin (versions ≤ 3.8.1) allows remote attackers to inject arbitrary SQL queries against the underlying WordPress database without any authentication or user interaction. The CVSS 9.3 score reflects a scope-changing flaw with high confidentiality impact and low availability impact, and no public exploit has been identified at time of analysis. The vulnerability was disclosed via Patchstack and affects a popular Crocoblock/JetImpex filtering plugin widely deployed on WordPress sites.

SQLi Jetsmartfilters
NVD
CVSS 3.1
9.3
EPSS
0.4%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the JetSmartFilters WordPress plugin (versions ≤ 3.8.1) allows remote attackers to inject arbitrary SQL queries against the underlying WordPress database without any authentication or user interaction. The CVSS 9.3 score reflects a scope-changing flaw with high confidentiality impact and low availability impact, and no public exploit has been identified at time of analysis. The vulnerability was disclosed via Patchstack and affects a popular Crocoblock/JetImpex filtering plugin widely deployed on WordPress sites.

SQLi Jetsmartfilters
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy