CVE-2026-57752
Deferred Deferred - Pending Action

Contributor SQL Injection in iNET Webkit

Vulnerability report for CVE-2026-57752, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Contributor SQL Injection in iNET Webkit 1.2.4 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack inet_webkit 1.2.4

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability is a SQL Injection in the WordPress iNET Webkit Plugin version 1.2.4. This means that an attacker can manipulate the plugin to execute unauthorized SQL commands on the database.

It falls under the OWASP Top 10 A3: Injection category, indicating it is a type of injection flaw where untrusted data is sent to an interpreter as part of a command or query.

Impact Analysis

This vulnerability allows malicious actors to interact with the database, potentially stealing sensitive information.

The CVSS score of 8.5 indicates a high severity impact, meaning the consequences of exploitation can be significant.

Although it is classified as unlikely to be exploited, if exploited it can lead to data breaches and partial denial of service.

No official patch is currently available, so immediate action such as updating the plugin or seeking assistance is recommended.

Detection Guidance

The vulnerability is a SQL Injection in the WordPress iNET Webkit Plugin version 1.2.4. Detection typically involves identifying if this specific plugin version is installed and checking for suspicious database interactions that could indicate exploitation attempts.

Since no official patch or detection commands are provided, a practical approach is to verify the plugin version on your WordPress installation using commands or queries such as:

  • Using WP-CLI to check plugin version: wp plugin list | grep inet-webkit
  • Searching web server logs for unusual SQL query patterns or suspicious HTTP requests targeting the plugin endpoints.
  • Monitoring database logs for unexpected queries that could indicate SQL Injection attempts.
Mitigation Strategies

Immediate mitigation steps include updating the iNET Webkit Plugin if an update is available. However, as no official patch is currently available for version 1.2.4, alternative actions are recommended.

  • Disable or remove the vulnerable plugin from your WordPress installation to prevent exploitation.
  • Seek assistance from your hosting provider or a developer to implement custom security measures or workarounds.
  • Monitor your system and database for suspicious activity related to SQL Injection attempts.
  • Consider applying web application firewall (WAF) rules to block malicious requests targeting the plugin.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57752. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart