cleantalk
Vulnerabilities and Security Researches

Infility Global, CVE-2026-7842

CVE, Research URL

CVE-2026-7842

Home page URL

Security reports for Infility Global

Application

Infility Global

Published on
Jun 23, 2026
Research Description
The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the Infility Global WordPress plugin before 2.15.20's module toggle page.
Affected versions
max 2.15.20.
Status
vulnerable
Previous vulnerability researches
Verge3D Publishing and E-Commerce (CVE-2025-22709) , Jan 19, 2025
Verge3D Publishing and E-Commerce (CVE-2025-30833) , Apr 02, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2023-51421) , Jun 06, 2024
Verge3D Publishing and E-Commerce (CVE-2023-51420) , Jun 06, 2024
New vulnerability
ClearSale Total (CVE-2026-8705) , Jun 25, 2026
Osiris Signature Banner (CVE-2026-8905) , Jun 25, 2026
MotorDesk (CVE-2026-9724) , Jun 25, 2026
WP Activity Log (CVE-2026-56005) , Jun 25, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin (CVE-2026-7761) , Jun 25, 2026