Upsellwp

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-32459 HIGH This Week

Blind SQL injection in UpsellWP checkout plugin versions 2.2.4 and earlier allows authenticated attackers to execute arbitrary SQL queries with network access and without user interaction. The vulnerability affects the checkout-upsell-and-order-bumps functionality and could enable data exfiltration or database manipulation. No patch is currently available for this high-severity flaw.

SQLi Upsellwp

NVD VulDB

CVSS 3.1

8.5

EPSS

0.0%

CVE-2026-32459

EPSS 0% CVSS 8.5

HIGH This Week

Blind SQL injection in UpsellWP checkout plugin versions 2.2.4 and earlier allows authenticated attackers to execute arbitrary SQL queries with network access and without user interaction. The vulnerability affects the checkout-upsell-and-order-bumps functionality and could enable data exfiltration or database manipulation. No patch is currently available for this high-severity flaw.

SQLi Upsellwp

NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy