SQL Injection Vulnerability in FS Poster Plugin by NotFound
CVE-2025-26978

8.5HIGH

Key Information:

Vendor: WordPress
Status: Fs Poster
Vendor: CVE Published:; 15 March 2025

What is CVE-2025-26978?

The FS Poster plugin by NotFound is exposed to an SQL Injection vulnerability that allows attackers to manipulate database queries. This vulnerability arises from improper neutralization of special characters in SQL commands, which can lead to unauthorized data access or data manipulation. Users of FS Poster, particularly those using versions up to 6.5.8, should take immediate steps to secure their applications by applying the latest updates and implementing best practices for database security.

Affected Version(s)

FS Poster 0 <= 6.5.8

References

https://patchstack.com/database/Wordpress/Plugin/fs-poste...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2025

CVE-2025-26978 Data

JSON

WordPress

What is CVE-2025-26978?

Affected Version(s)

References

CVSS V3.1

Timeline