PatchSiren cyber security CVE debrief
CVE-2026-42639 Dev4Press CVE debrief
CVE-2026-42639 is a critical vulnerability in the GD Rating System plugin for WordPress, affecting versions up to and including 3.6.2. It allows unauthenticated attackers to inject malicious SQL queries, potentially leading to data breaches or system compromise. The vulnerability was published on 2026-06-15 and has a CVSS score of 9.3, which falls in the critical severity range.
- Vendor: Dev4Press
- Product: GD Rating System
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of WordPress sites utilizing the GD Rating System plugin versions up to and including 3.6.2 should prioritize updating to a patched version to mitigate this vulnerability.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection weakness in the GD Rating System plugin. This allows attackers to execute arbitrary SQL queries on the database without needing authentication. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L, indicating a high impact on confidentiality.
Defensive priority
High
Recommended defensive actions
- Update the GD Rating System plugin to a version beyond 3.6.2 as soon as possible.
- Review and monitor database activity for suspicious queries.
- Consider implementing additional security measures such as web application firewalls (WAFs) to detect and prevent SQL injection attacks.
Evidence notes
Evidence for this vulnerability comes from Patchstack, as noted in the source item.
Official resources
- CVE-2026-42639 CVE record (CVE.org)
- CVE-2026-42639 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-42639 was published on 2026-06-15T21:16:54.477Z and modified on 2026-06-15T21:24:32.790Z.