Skip to main content

Wp Fast Total Search

1 CVEs product

Monthly

CVE-2026-57683 CRITICAL Act Now

SQL injection in the WP Fast Total Search (fulltext-search) WordPress plugin by epsiloncool affects all versions up to and including 1.80.280, letting unauthenticated remote attackers inject arbitrary SQL into backend queries (CWE-89). Because the CVSS vector uses PR:N/UI:N with a scope change, exploitation needs no login or user interaction and can reach data beyond the plugin's own tables. No public exploit was identified at time of analysis; the issue was reported through Patchstack and carries a critical 9.3 base score.

SQLi Wp Fast Total Search
NVD
CVSS 3.1
9.3
EPSS
0.2%
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in the WP Fast Total Search (fulltext-search) WordPress plugin by epsiloncool affects all versions up to and including 1.80.280, letting unauthenticated remote attackers inject arbitrary SQL into backend queries (CWE-89). Because the CVSS vector uses PR:N/UI:N with a scope change, exploitation needs no login or user interaction and can reach data beyond the plugin's own tables. No public exploit was identified at time of analysis; the issue was reported through Patchstack and carries a critical 9.3 base score.

SQLi Wp Fast Total Search
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy