PatchSiren cyber security CVE debrief
CVE-2026-39574 RealMag777 CVE debrief
CVE-2026-39574 is a critical vulnerability in the InPost Gallery plugin for WordPress, affecting versions up to and including 2.1.4.6. It allows unauthenticated attackers to inject malicious SQL code, potentially leading to data breaches or other security issues. The vulnerability has a CVSS score of 9.3, which places it in the Critical severity band.
- Vendor: RealMag777
- Product: InPost Gallery
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Administrators and users of the InPost Gallery plugin, especially those using versions <= 2.1.4.6, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input sanitization, allowing attackers to inject malicious SQL code. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L.
Defensive priority
High
Recommended defensive actions
- Update the InPost Gallery plugin to a version that is not vulnerable (if available).
- Use a Web Application Firewall (WAF) to detect and prevent SQL injection attacks.
- Regularly monitor your website for suspicious activity.
Evidence notes
The vulnerability was reported by Patchstack, as indicated by the reference [ref-4].
Official resources
- CVE-2026-39574 CVE record (CVE.org)
- CVE-2026-39574 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-39574 was published on 2026-06-16T10:16:27.223Z and has not been modified since then.