SQL Injection Vulnerability in Recurio – Ultimate Subscription for WooCommerce Plugin
CVE-2026-12936

4.9MEDIUM

What is CVE-2026-12936?

The Recurio – Ultimate Subscription for WooCommerce plugin is prone to SQL Injection due to inadequate escaping of user-supplied parameters in the 'data' field. This vulnerability affects all versions through 1.1.3. It allows attackers with shop manager-level access to manipulate existing SQL queries, potentially leading to unauthorized data extraction from the underlying database. Proper validation and sanitization measures are crucial to mitigate this vulnerability and protect sensitive information.

Affected Version(s)

Recurio – Ultimate Subscription for WooCommerce 0 <= 1.1.3

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.