SQL Injection Vulnerability in WP Sessions Time Monitoring Full Automatic Plugin by WordPress
CVE-2026-39581

8.5HIGH

Key Information:

Vendor: WordPress
Status: WP Sessions Time Monitoring Full Automatic
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-39581?

The WP Sessions Time Monitoring Full Automatic plugin for WordPress is susceptible to an SQL injection vulnerability that can be exploited in versions up to 1.1.4. This flaw could allow attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data, database compromise, and significant security risks for websites using this plugin. It is crucial for users to update to the latest version or implement security measures to mitigate the vulnerability.

Affected Version(s)

WP Sessions Time Monitoring Full Automatic <= 1.1.4

References

https://patchstack.com/database/wordpress/plugin/activity...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

hivesec | Patchstack Bug Bounty Program

CVE-2026-39581 Data

JSON