CVE-2026-57631
Deferred - Pending Action
SQL Injection in Popup Box <= 6.0.1

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Administrator SQL Injection in Popup box <= 6.0.1 versions.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: patchstack
Product: wordpress_popup_box_plugin
Version / Range: to 6.0.2 (exc)
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

The WordPress Popup box Plugin, versions 6.0.1 and earlier, contains a SQL Injection vulnerability. This security flaw allows attackers to interact directly with the website's database by injecting malicious SQL code through the plugin's administrator interface.

This vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS severity score of 7.6, indicating a high impact.

Impact Analysis

This SQL Injection vulnerability could allow attackers to manipulate the website's database, potentially leading to unauthorized data access or modification.

Although the severity is considered low in some contexts, the vulnerability poses a risk of exploitation in large-scale attacks targeting many websites.

If exploited, it could result in data breaches or partial denial of service, impacting the availability and confidentiality of your website's data.

Users are advised to update the plugin to version 6.0.2 or seek assistance from hosting providers or web developers to mitigate the risk.

Mitigation Strategies

The vulnerability in the WordPress Popup box Plugin versions 6.0.1 and earlier can be mitigated by updating the plugin to version 6.0.2, where the issue has been patched.

If updating immediately is not possible, users should seek assistance from their hosting provider or a web developer.

Patchstack users can also enable auto-updates for vulnerable plugins to mitigate the risk automatically.

Compliance Impact

The vulnerability is an SQL Injection flaw in the WordPress Popup box Plugin that allows attackers to interact directly with the website's database. Such unauthorized database access can lead to exposure or manipulation of sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA.

Since GDPR and HIPAA require strict controls over the confidentiality and integrity of personal and health data, an SQL Injection vulnerability that compromises database security could result in violations of these standards if sensitive data is accessed or altered.

Therefore, organizations using affected versions of this plugin should update immediately to mitigate the risk and maintain compliance with relevant regulations.
