SQL Injection Vulnerability in Active Products Tables for WooCommerce by RealMag777
CVE-2026-42761

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Active Products Tables For WooCommerce
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42761?

The Active Products Tables for WooCommerce plugin by RealMag777 is susceptible to an SQL Injection vulnerability due to improper handling of special characters in SQL commands. This flaw allows attackers to execute blind SQL injection attacks, potentially compromising the database. Versions up to and including 1.0.9 are affected. Website administrators should take immediate action to patch this vulnerability to protect sensitive data.

Affected Version(s)

Active Products Tables for WooCommerce 0 <= 1.0.9

References

https://patchstack.com/database/Wordpress/Plugin/profit-p...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

hhhai | Patchstack Bug Bounty Program

CVE-2026-42761 Data

JSON

WordPress

What is CVE-2026-42761?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit