SQL Injection Vulnerability in FS Poster Plugin by NotFound
CVE-2025-26978

Currently unrated

Key Information:

Vendor: WordPress
Status: Fs Poster
Vendor: CVE Published:; 15 March 2025

What is CVE-2025-26978?

The FS Poster plugin by NotFound is exposed to an SQL Injection vulnerability that allows attackers to manipulate database queries. This vulnerability arises from improper neutralization of special characters in SQL commands, which can lead to unauthorized data access or data manipulation. Users of FS Poster, particularly those using versions up to 6.5.8, should take immediate steps to secure their applications by applying the latest updates and implementing best practices for database security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch