Medium severity6.5NVD Advisory· Published Apr 7, 2026· Updated Apr 9, 2026
CVE-2026-4079
CVE-2026-4079
Description
The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: < 2.3.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/8ec92881-4ae5-458d-995b-f097f2bcc590/nvdThird Party AdvisoryExploit
News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)Wordfence Blog · Apr 16, 2026