Skip to main content

Nicen Localize Image

1 CVEs product

Monthly

CVE-2026-57756 HIGH This Week

Authenticated SQL injection in the WordPress plugin nicen-localize-image (versions 1.4.9 and earlier) allows users holding the low-privilege Contributor role to inject arbitrary SQL into the WordPress database backend. Because the CVSS scope is changed and confidentiality impact is High, a Contributor can read data beyond the plugin's own remit, potentially extracting other users' credentials or secrets from the wp_users/wp_options tables. Reported by Patchstack with a CVSS of 8.5; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

SQLi Nicen Localize Image
NVD
CVSS 3.1
8.5
EPSS
0.2%
EPSS 0% CVSS 8.5
HIGH This Week

Authenticated SQL injection in the WordPress plugin nicen-localize-image (versions 1.4.9 and earlier) allows users holding the low-privilege Contributor role to inject arbitrary SQL into the WordPress database backend. Because the CVSS scope is changed and confidentiality impact is High, a Contributor can read data beyond the plugin's own remit, potentially extracting other users' credentials or secrets from the wp_users/wp_options tables. Reported by Patchstack with a CVSS of 8.5; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

SQLi Nicen Localize Image
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy