4 matches found
EUVD-2026-38417
The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...
CVE-2026-8685
The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...
CVE-2024-12723
The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-1939 · WordPress · Infility Global WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Infility Global WordPress plugin versions 2.9.8 and earlier
Description: The issue arises because the Infility Global WordPress plugin does not properly sanitise and escape a parameter before outputting it back in the page. This leads to a...