Unauthenticated SQL Injection in WP Fast Total Search Plugin
CVE-2026-57683

9.3CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 July 2026

What is CVE-2026-57683?

A serious SQL injection vulnerability exists in the WP Fast Total Search plugin for WordPress, affecting all versions up to 1.80.280. This flaw allows unauthenticated users to execute arbitrary SQL commands, which could lead to unauthorized data exposure or manipulation. It is crucial for users of this plugin to update to the latest version to mitigate any potential security risks.

Affected Version(s)

WP Fast Total Search <= 1.80.280

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HaiND | Patchstack Bug Bounty Program
.