PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48875 Jetimpex Inc. CVE debrief

CVE-2026-48875 is a critical unauthenticated SQL injection vulnerability in the JetSmartFilters plugin, with a CVSS score of 9.3. It was published on 2026-06-17 and last modified on 2026-06-17. The impact on confidentiality is high and the impact on availability is low. The exploit is publicly available, and attackers can use it to extract sensitive data, so administrators and users of affected plugin versions should take immediate action and prioritize patching.

Vendor: Jetimpex Inc.
Product: JetSmartFilters
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of the JetSmartFilters plugin versions <= 3.8.1 should be aware of this critical vulnerability. Immediate patching is recommended to prevent potential data breaches.

Technical summary

CVE-2026-48875 is an unauthenticated SQL injection vulnerability in the JetSmartFilters plugin. The vulnerability has a CVSS score of 9.3, indicating critical severity. It allows attackers to inject malicious SQL code without authentication, potentially leading to data breaches. The vulnerability affects plugin versions <= 3.8.1.

Defensive priority

high

Recommended defensive actions

  • Update JetSmartFilters plugin to a version greater than 3.8.1
  • Implement a Web Application Firewall (WAF) to detect and prevent SQL injection attacks
  • Regularly monitor plugin and system logs for suspicious activity
  • Restrict access to sensitive data and systems
  • Perform regular security audits and vulnerability assessments
  • Consider using a security plugin or service to enhance protection
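
To support the first action, the following added example (not part of the original advisory and not vendor code) inventories a WordPress plugins directory and flags JetSmartFilters copies at or below 3.8.1. It assumes the plugin's header declares "Plugin Name: JetSmartFilters"; the directory path in the demo and the sample header are constructed.

```python
import re
from pathlib import Path

LAST_AFFECTED = "3.8.1"  # from the advisory: versions <= 3.8.1 are affected
# WordPress plugin header fields sit in a comment block at the top of the main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)
# Constructed sample header for illustration (not copied from the real plugin file).
SAMPLE = "<?php\n/**\n * Plugin Name: JetSmartFilters\n * Version: 3.8.1\n */\n"

def parse_header(php_source):
    """Return the 'plugin name' and 'version' header fields, if present."""
    fields = {}
    # WordPress itself only reads the first 8 KB of a file for header fields.
    for key, value in HEADER.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_key(version):
    """Numeric tuple for comparison; trailing zeros dropped so 3.8.1.0 == 3.8.1."""
    parts = [int(p) for p in re.findall(r"\d+", version.split("-")[0])]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    # An unparseable version yields an empty tuple and is reported as affected,
    # so a damaged header fails safe instead of being skipped silently.
    return version_key(version) <= version_key(LAST_AFFECTED)

def scan(plugins_dir):
    """Yield (file, version, affected) for each JetSmartFilters copy found."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = parse_header(php.read_text(errors="replace"))
        # Assumption: the header's Plugin Name is exactly "JetSmartFilters".
        if fields.get("plugin name", "").lower() == "jetsmartfilters" and "version" in fields:
            yield str(php), fields["version"], is_affected(fields["version"])

if __name__ == "__main__":
    print(parse_header(SAMPLE), is_affected(parse_header(SAMPLE)["version"]))
    # Hypothetical path; point this at each site's wp-content/plugins directory.
    for path, version, affected in scan("/var/www/html/wp-content/plugins"):
        print(("AFFECTED" if affected else "ok"), version, path)
```

Matching on the header rather than the folder name also catches copies installed under a renamed directory.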

Evidence notes

The vulnerability was reported by Patchstack and published in the NVD database. The CVE record and NVD detail pages provide additional information on the vulnerability.
