SQL Injection Vulnerability in Recurio β Ultimate Subscription for WooCommerce Plugin
CVE-2026-12936
4.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 8 July 2026
What is CVE-2026-12936?
The Recurio β Ultimate Subscription for WooCommerce plugin is prone to SQL Injection due to inadequate escaping of user-supplied parameters in the 'data' field. This vulnerability affects all versions through 1.1.3. It allows attackers with shop manager-level access to manipulate existing SQL queries, potentially leading to unauthorized data extraction from the underlying database. Proper validation and sanitization measures are crucial to mitigate this vulnerability and protect sensitive information.
Affected Version(s)
Recurio β Ultimate Subscription for WooCommerce 0 <= 1.1.3