CVE-2026-57683
Deferred - Pending Action

Unauthenticated SQL Injection in WP Fast Total Search

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs
Vendor               | Product              | Version / Range
patchstack           | wp_fast_total_search | to 1.81.282 (exc)
wp_fast_total_search | wp_fast_total_search | to 1.80.280 (inc)

CWE

CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Executive Summary

CVE-2026-57683 is an unauthenticated SQL Injection vulnerability found in the WordPress WP Fast Total Search Plugin versions 1.80.280 and below.

This flaw allows attackers to directly interact with the website's database without needing any prior access or authentication.

It is classified under the OWASP Top 10 A3: Injection category and is considered highly dangerous due to its critical severity score of 9.3.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive information stored in the website's database.

Because it is unauthenticated, attackers can exploit it remotely without any credentials.

The vulnerability's critical severity and high likelihood of exploitation in mass campaigns mean that many websites using the affected plugin are at risk of data theft or manipulation.

Mitigation Strategies

The vulnerability affects WP Fast Total Search Plugin versions 1.80.280 and below and allows unauthenticated SQL Injection.

Immediate mitigation steps include updating the plugin to version 1.81.282 or later, which contains the patch for this issue.

Until the update can be applied, users are advised to implement the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

If needed, seek assistance from your hosting provider or web developer to apply these mitigations.
