CVE-2026-57631
Deferred Deferred - Pending Action

SQL Injection in Popup Box <= 6.0.1

Vulnerability report for CVE-2026-57631, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Administrator SQL Injection in Popup box <= 6.0.1 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack wordpress_popup_box_plugin to 6.0.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Popup box Plugin, versions 6.0.1 and earlier, contains a SQL Injection vulnerability. This security flaw allows attackers to interact directly with the website's database by injecting malicious SQL code through the plugin's administrator interface.

This vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS severity score of 7.6, indicating a high impact.

Impact Analysis

This SQL Injection vulnerability could allow attackers to manipulate the website's database, potentially leading to unauthorized data access or modification.

Although the severity is considered low in some contexts, the vulnerability poses a risk of exploitation in large-scale attacks targeting many websites.

If exploited, it could result in data breaches or partial denial of service, impacting the availability and confidentiality of your website's data.

Users are advised to update the plugin to version 6.0.2 or seek assistance from hosting providers or web developers to mitigate the risk.

Compliance Impact

The vulnerability is an SQL Injection flaw in the WordPress Popup box Plugin that allows attackers to interact directly with the website's database. Such unauthorized database access can lead to exposure or manipulation of sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA.

Since GDPR and HIPAA require strict controls over the confidentiality and integrity of personal and health data, an SQL Injection vulnerability that compromises database security could result in violations of these standards if sensitive data is accessed or altered.

Therefore, organizations using affected versions of this plugin should update immediately to mitigate the risk and maintain compliance with relevant regulations.

Mitigation Strategies

The vulnerability in the WordPress Popup box Plugin versions 6.0.1 and earlier can be mitigated by updating the plugin to version 6.0.2, where the issue has been patched.

If updating immediately is not possible, users should seek assistance from their hosting provider or a web developer.

Patchstack users can also enable auto-updates for vulnerable plugins to mitigate the risk automatically.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57631. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart