Description
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Published: 2026-06-26
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated users can exploit a SQL Injection flaw in the WordPress 결제 심플페이 plugin versions 5.5.6 and earlier. The vulnerability allows arbitrary SQL statements to be executed, enabling attackers to read, modify, or delete database records, which can result in exposure of sensitive information, defacement, or data loss. This weakness is identified as CWE-89.

Affected Systems

The flaw affects the WordPress 결제 심플페이 plugin from codemstory, specifically all releases up to and including version 5.5.6. Sites running these versions are vulnerable.

Risk and Exploitability

The CVSS score of 9.3 marks the issue as critical. Because the injection is unauthenticated, an attacker only needs to reach the plugin’s endpoint; no privileged credentials are required. No EPSS data is available, and the absence of a KEV listing does not lower the risk, because the exploitation path is straightforward over standard HTTP/HTTPS traffic. An attacker could fully compromise the database if the vulnerability is not patched.

Generated by OpenCVE AI on June 26, 2026 at 16:40 UTC.

Remediation

Vendor Solution

Update the WordPress 워드프레스 결제 심플페이 Plugin to the latest available version (at least 5.5.7).


OpenCVE Recommended Actions

  • Upgrade the WordPress 결제 심플페이 Plugin to version 5.5.7 or later.
  • Ensure that the plugin’s endpoints are protected behind proper authentication and role checks, limiting access to authorized administrators.
  • Monitor database logs for unusual queries and audit web traffic for attempts to exploit SQL injection.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Title | | WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T16:58:28.485Z

Reserved: 2026-06-18T14:37:40.347Z

Link: CVE-2026-56036

Vulnrichment

Updated: 2026-06-26T16:58:10.547Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T16:45:03Z

Weaknesses
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')