CVE-2026-8163— Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

EPSS 0.24% · P15 Updated Jun 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-8163

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Unknown	Infility Global	0 ~ 2.15.19	-

II. Public POCs for CVE-2026-8163

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-8163

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-8163 (1)

🔗 Infility Global < 2.15.19 – Subscriber+ SQL Injection via order Parameter | CVE 2026-8163 | Plugin Vulnerabilitiesexploitvdb-entrytechnical-description

https://nvd.nist.gov/vuln/detail/CVE-2026-8163

Same Patch Batch · Unknown · 2026-06-23 · 5 CVEs total

CVE-2026-7842		Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter
CVE-2026-8172		Simple Basic Contact Form <= 20250114 - Reflected XSS
CVE-2026-8378		Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Re
CVE-2026-8379		Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

IV. Related Vulnerabilities

Same product: Infility Global

Same vendor: Unknown

V. Comments for CVE-2026-8163

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-8163— Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

I. Basic Information for CVE-2026-8163

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-8163

III. Intelligence Information for CVE-2026-8163

Vendor Advisories for CVE-2026-8163 (1)

Same Patch Batch · Unknown · 2026-06-23 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-8163

Leave a comment