cleantalk
Vulnerabilities and Security Researches

Infility Global, CVE-2026-7842

CVE, Research URL

CVE-2026-7842

Home page URL

Security reports for Infility Global

Application

Infility Global

Published on
Jun 23, 2026
Research Description
The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the Infility Global WordPress plugin before 2.15.20's module toggle page.
Affected versions
max 2.15.20.
Status
vulnerable
Previous vulnerability researches
BirdSeed (CVE-2026-4071) , Jun 04, 2026
New vulnerability
RentMy Real-Time Rental Management Plugin (CVE-2026-8690) , Jun 25, 2026
AdRotate Banner Manager – The only ad manager you'll need (CVE-2026-12242) , Jun 25, 2026
Restaurant Menu and Food Ordering (CVE-2026-54835) , Jun 25, 2026
Avalon23 Products Filter for WooCommerce (CVE-2026-8865) , Jun 25, 2026
WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors (CVE-2026-54838) , Jun 25, 2026