PatchSiren cyber security CVE debrief
CVE-2026-52712 tnomi CVE debrief
CVE-2026-52712 is a HIGH severity vulnerability (CVSS Score: 7.6) affecting Attendance Manager plugin versions <= 0.6.2. The vulnerability allows for Subscriber SQL Injection attacks, potentially enabling attackers to manipulate database queries. The vulnerability was published on [cvePublishedAt] and has not been modified since.
- Vendor
- tnomi
- Product
- Attendance Manager
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Attendance Manager plugin versions <= 0.6.2 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a SQL injection weakness (CWE-89) in the Attendance Manager plugin. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update Attendance Manager plugin to a version greater than 0.6.2.
- Review and monitor database queries for suspicious activity.
Evidence notes
Evidence suggests that the vulnerability was reported by [email protected].
Official resources
-
CVE-2026-52712 CVE record
CVE.org
-
CVE-2026-52712 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-52712 was published and modified on 2026-06-16T10:16:27.997Z.