PatchSiren cyber security CVE debrief
CVE-2026-48874 Ruben Garcia CVE debrief
CVE-2026-48874 is a HIGH severity vulnerability (CVSS Score: 8.5) affecting GamiPress plugin versions up to 7.8.7. The vulnerability allows for Subscriber SQL Injection and has been publicly disclosed on June 15, 2026.
- Vendor
- Ruben Garcia
- Product
- GamiPress
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of GamiPress plugin versions up to 7.8.7 should update to a patched version to prevent Subscriber SQL Injection attacks.
Technical summary
The vulnerability is caused by a SQL injection weakness (CWE-89) in the GamiPress plugin. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update GamiPress plugin to a version greater than 7.8.7.
- Review and restrict database access for Subscriber roles.
Evidence notes
The CVE record was obtained from the official CVE.org website [cve-org]. Additional details were obtained from the NVD database [nvd].
Official resources
-
CVE-2026-48874 CVE record
CVE.org
-
CVE-2026-48874 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48874 was first publicly disclosed on June 15, 2026, and last modified on June 15, 2026.