CVE-2026-54811
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated SQL injection in WP eMember versions before v10.9.4.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: wp_emember
Product: wp_emember
Version / Range: to 10.9.4 (exc)
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

The WordPress WP eMember Plugin, versions prior to v10.9.4, contains a high-priority SQL Injection vulnerability identified as CVE-2026-54811.

This vulnerability allows unauthenticated attackers to directly interact with the website's database by injecting malicious SQL commands.

Because the attacker does not need to be logged in or have any privileges, this flaw poses a critical security risk.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive information stored in the website's database.

An attacker exploiting this flaw could steal data, potentially leading to data breaches.

Additionally, the vulnerability has a CVSS score of 9.3, indicating a critical risk with high impact on confidentiality and some impact on availability.

Mitigation Strategies

Immediate action is advised to mitigate the vulnerability in the WP eMember plugin versions prior to v10.9.4.

  • Update the WP eMember plugin to version 10.9.4 or later, where the vulnerability has been patched.
  • If you are using Patchstack, enable auto-updates for vulnerable plugins.
  • Apply the mitigation rule issued by Patchstack to block attacks until the plugin is updated.
  • Seek assistance from your hosting provider or a developer if you need help applying these mitigations.

Compliance Impact

The vulnerability allows unauthenticated attackers to perform SQL Injection attacks, potentially stealing sensitive information from the website's database.

Such unauthorized access and data theft could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against breaches.

Therefore, failing to patch this vulnerability may result in violations of these standards due to exposure of sensitive information.

Detection Guidance

This vulnerability affects versions of the WordPress WP eMember Plugin prior to v10.9.4 and is an unauthenticated SQL Injection flaw.

To detect this vulnerability on your system, you should first verify the version of the WP eMember plugin installed on your WordPress site. If the version is older than v10.9.4, your system is vulnerable.

You can check the plugin version by running the following command in your WordPress installation directory:

  • grep 'Version:' wp-content/plugins/wp-emember/wp-emember.php

Alternatively, you can check the plugin version from the WordPress admin dashboard under Plugins.
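
The version check above, extended to take several WordPress roots and to compare each field numerically against 10.9.4 (a plain string comparison would rank 10.10.0 below 10.9.4). This is an added example, not code from Patchstack or the plugin vendor; the function names and status strings are made up here, and it assumes the plugin file carries a standard WordPress "Version:" header line.

```shell
#!/bin/sh
# Added example: flag WP eMember installs below the fixed release named on this page.
FIXED_VERSION="10.9.4"
PLUGIN_FILE_REL="wp-content/plugins/wp-emember/wp-emember.php"  # path used on the page

# Print the value of the first "Version:" header line in file $1, if any.
emember_version() {
    tr -d '\r' < "$1" | awk '
        tolower($0) ~ "^[ \t*#@/]*version:" {
            sub(/^[^:]*:[ \t]*/, "")    # drop everything up to the colon
            sub(/[ \t].*$/, "")         # keep the first token only
            print; exit
        }'
}

# Return 0 when dotted version $1 is strictly lower than $2 (numeric, per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0    # missing fields count as 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                               # equal is not lower
    }'
}

# Print a status line for WordPress root $1.
# Returns 0 = patched, 1 = vulnerable, 2 = plugin or version not found.
check_emember() {
    file="$1/$PLUGIN_FILE_REL"
    [ -f "$file" ] || { echo "not-installed $1"; return 2; }
    ver=$(emember_version "$file")
    [ -n "$ver" ] || { echo "unknown-version $1"; return 2; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE $ver $1"; return 1
    fi
    echo "patched $ver $1"
}

# Usage: sh check-emember.sh /var/www/site1 /var/www/site2 ...
for root in "$@"; do
    check_emember "$root" || true
done
```

A root reported as `not-installed` or `unknown-version` still needs a manual look, for example when the plugin directory has been renamed.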

For network detection, monitoring for suspicious SQL injection attempts targeting the WP eMember plugin endpoints can help. Patchstack has issued mitigation rules that can be used in web application firewalls (WAFs) to block such attacks.

If you have access to web server logs, you can search for unusual requests that may indicate exploitation attempts, such as requests containing SQL syntax or suspicious parameters targeting the plugin.
