WordPress Plugin Vulnerable to SQL Injection Attack
A SQL Injection vulnerability has been discovered in the "CMS für Motorrad Werkstätten" WordPress plugin, affecting all versions up to 1.0.0. This flaw, identified as CVE-2026-6674, allows authenticated attackers with subscriber-level access to extract sensitive database information. The vulnerability carries a CVSS v3 base score of 6.5.
Context
The "CMS für Motorrad Werkstätten" WordPress plugin contains a SQL Injection flaw affecting all versions up to 1.0.0. SQL Injection vulnerabilities allow attackers to manipulate database queries, which can lead to unauthorized data access. The flaw has been assigned the identifier CVE-2026-6674 and a CVSS v3 base score of 6.5.
Why it matters
The SQL Injection vulnerability in the WordPress plugin poses a significant risk to websites using it, potentially exposing sensitive data. This issue highlights the importance of maintaining security in web applications, particularly for plugins that interact with databases. Users and site administrators must be aware of such vulnerabilities to protect their information and systems.
Implications
If left unaddressed, the vulnerability could lead to data breaches, affecting website owners and their users. Any authenticated user with subscriber-level access could exploit this flaw, putting sensitive database information at risk. The incident may prompt increased scrutiny of plugin security practices within the WordPress ecosystem.
What to watch
Users of the affected plugin should monitor for updates or patches released by the developers to address the vulnerability. Security advisories may provide further guidance on mitigating risks associated with this flaw. The response from the WordPress community regarding this issue will be important to observe.