SQL Injection Vulnerability in RealMag777 TableOn Plugin
CVE-2026-42755

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Tableon
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42755?

The RealMag777 TableOn Plugin for WordPress contains a vulnerability that allows attackers to execute SQL commands through improper input sanitization. This flaw can lead to Blind SQL Injection, where an attacker can manipulate database queries without directly receiving error messages. Versions of the TableOn plugin prior to 1.0.5.1 are impacted. It is crucial for users to update their plugins to secure their databases and prevent unauthorized access to sensitive information.

Affected Version(s)

TableOn 0 <= 1.0.5.1

References

https://patchstack.com/database/Wordpress/Plugin/posts-ta...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

hhhai | Patchstack Bug Bounty Program

CVE-2026-42755 Data

JSON