CVE 9.3 CRITICAL

WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability_CVE-2026-42747

May 27, 2026 invoker category_cve
9.3 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through <= 4.0.6.

AI Analysis

SQL Injection vulnerability in Easy Form Builder plugin

Basic Information

ID CVE-2026-42747
Source Patchstack
Published May 27, 2026 at 09:49

Affected Product

Vendor hassantafreshi
Product Easy Form Builder
Affected Versions hassantafreshi Easy Form Builder 0

CWE Classification

CWE-89

AI Assessment

AI Score 9.3 / 10
AI Severity Critical
Vendor hassantafreshi
Product Easy Form Builder
Version <= 4.0.6

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.