High severity8.6NVD Advisory· Published May 8, 2026· Updated May 8, 2026

CVE-2026-4935

Description

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

Affected products

WordPress/Ottokitinferred
Range: <1.1.23
Package: https://wordpress.org/plugins/ottokit
OttoKit/All-in-One Automation Platformllm-create
Range: <1.1.23

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/54bc1bf4-1033-49e2-aff9-a14c834c35bd/nvd

News mentions

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)
Wordfence Blog · Apr 2, 2026

cvss	0.559
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000