CVE-2026-49079

CRITICAL

WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-49079. PoCs published by izxci.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2026-49079, an unauthenticated SQL injection vulnerability in the JetSearch WordPress plugin (versions up to 3.5.17). The exploit includes detection, vulnerability checking, and multiple SQLi payloads for extracting database information, user credentials, and WordPress configuration.

Description

Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.

Exploits (1)

GitHub · Working PoC
by izxci · python · poc
https://github.com/izxci/CVE-2026-49079

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: JetSearch WordPress plugin <= 3.5.17
No auth needed
Prerequisites: WordPress site with vulnerable JetSearch plugin installed
devstral-2 · analyzed Jun 17, 2026

Scores

CVSS v3 9.3
EPSS 0.0035
EPSS Percentile 26.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
Jetimpex Inc./JetSearch < 3.5.17
Published Jun 17, 2026
Tracked Since Jun 17, 2026